
Re: saving iptables rules?



On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
> Darryl Luff wrote:
> > Ralph Crongeyer wrote:
> >> How does one save iptables rules in Debian "Unstable/SID"? I've tried
> >> iptables-save and get some output with no errors, but when I reboot
> >> all my rules are gone? Is there a "Debian way" of doing this? Rather
...
> > If you don't have the init scripts (which are apparently deprecated) I
> > think the rules aren't automatically restored on reboot. In Testing at
> > least there are some notes in /usr/share/doc/iptables/README.Debian.gz
> > that show how to do it using ifupdown, which doesn't quite seem right
> > to me unless you have separate per-interface rules, but on a single
> > interface box I suppose it doesn't matter.
>
> I guess it doesn't matter for a single interface but it hardly seems
> like the best solution either. At least to me. It seems there used to be
> a script in /etc/init.d/ called iptables to start and stop and save
> rules. It's all over google. But that script doesn't exist on any of my
> four SID boxes, unless it is provided by another package?
>
It's deprecated in current SID so the only machines that have it are ones that 
have been around for a while and been upgraded.

> There must be a better way to handle this than ifupdown? Does anyone
> know of plans to bring the script back? Or other plans for another
> solution?
>
I don't know what the plan is. I don't like using ifupdown because you'd have 
to manage a separate rule script for each interface.  But I've never liked 
the init.d script because I normally expect things in there to be actually 
starting daemons. But come to think of it that's not valid anyway.

I think the logical place would be at the end of /etc/init.d/networking. It 
could look for /etc/network/firewall and run it if it existed. This is the 
file that sets up routing and anti-spoofing, and the firewall should be 
configured as soon as possible after the network comes up.

Darryl.
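One way to wire up the arrangement Darryl sketches, as an added example and not a script from the thread or from Debian: a /etc/network/firewall script that reloads a dump written by iptables-save and refuses to load a missing or truncated one, so a half-written file cannot silently replace the running rule set at boot. The rules file path, the IPTABLES_RESTORE override and the hook point (end of /etc/init.d/networking, or an ifupdown pre-up line) are assumptions.

```shell
#!/bin/sh
# /etc/network/firewall (assumed path): restore rules saved with
#   iptables-save > /etc/network/firewall.rules
# Call it as "/etc/network/firewall restore" from the end of
# /etc/init.d/networking or from a "pre-up" line in /etc/network/interfaces.

RULES_FILE="${RULES_FILE:-/etc/network/firewall.rules}"      # assumed location
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"    # overridable for tests

# Sanity-check a dump before feeding it to iptables-restore: an empty file or
# one cut off mid-write (disk full, interrupted save) must not be loaded.
# iptables-save writes one "*table" header per table, each closed by COMMIT.
rules_file_ok() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -q '^\*filter' "$f" || return 1         # the filter table must be there
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -eq "$commits" ] || return 1     # every table ends in COMMIT
    return 0
}

# Load the saved rules; leave the running rule set alone if the dump is unusable.
restore_firewall() {
    if ! rules_file_ok "$RULES_FILE"; then
        echo "firewall: $RULES_FILE missing or incomplete, rules not loaded" >&2
        return 1
    fi
    "$IPTABLES_RESTORE" < "$RULES_FILE"
}

# Save the live rule set atomically: write to a temp file, check it, then
# rename, so a failed save never clobbers the last good copy.
save_firewall() {
    tmp="$RULES_FILE.tmp.$$"
    iptables-save > "$tmp" && rules_file_ok "$tmp" && mv "$tmp" "$RULES_FILE"
}

case "${1:-}" in
    save)    save_firewall ;;
    restore) restore_firewall ;;
esac
```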


