
Re: saving iptables rules?



Does anyone know if there is a plan to fix/address this before the next release?
Also, could someone give me a copy of the old script "/etc/init.d/iptables"? I need a way to save my rules, as we all do.

Thanks.
Ralph

Darryl Luff wrote:
On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
  
Darryl Luff wrote:
    
Ralph Crongeyer wrote:
      
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian way" of doing this? Rather
        
...
  
If you don't have the init scripts (which are apparently deprecated) I
think the rules aren't automatically restored on reboot. In Testing at
least there are some notes in /usr/share/doc/iptables/README.Debian.gz
that show how to do it using ifupdown, which doesn't quite seem right
to me unless you have separate per-interface rules, but on a single
interface box I suppose it doesn't matter.
      
I guess it doesn't matter for a single interface but it hardly seems
like the best solution either. At least to me. It seems there used to be
a script in /etc/init.d/ called iptables to start and stop and save
rules. It's all over google. But that script doesn't exist on any of my
four SID boxes, unless it is provided by another package?

    
It's deprecated in current SID so the only machines that have it are ones that 
have been around for a while and been upgraded.

  
There must be a better way to handle this than ifupdown? Does anyone
know of plans to bring the script back? Or other plans for another
solution?

    
I don't know what the plan is. I don't like using ifupdown because you'd have 
to manage a separate rule script for each interface.  But I've never liked 
the init.d script because I normally expect things in there to be actually 
starting daemons. But come to think of it that's not valid anyway.

I think the logical place would be at the end of /etc/init.d/networking. It 
could look for /etc/network/firewall and run it if it existed. This is the 
file that sets up routing and anti-spoofing, and the firewall should be 
configured as soon as possible after the network comes up.

Darryl.
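
Added example, not part of the original thread or of any Debian package: a small save/restore script for the problem discussed above, which could be called from a `pre-up` line in /etc/network/interfaces so the rules load before the interface comes up. The script name, the rules path /etc/iptables.rules and the OWNER_UID variable are assumptions; the script checks ownership, permissions and truncation of the saved file before loading it.

```shell
#!/bin/sh
# Added example. Hypothetical install path: /usr/local/sbin/fw-rules
# Hypothetical use in /etc/network/interfaces:
#     pre-up /usr/local/sbin/fw-rules restore
RULES=${RULES:-/etc/iptables.rules}   # assumed location of iptables-save output
OWNER_UID=${OWNER_UID:-0}             # the rules file must belong to this uid (root)

# Return 0 only if the file is safe to trust and structurally complete.
rules_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # stat -c is GNU coreutils syntax.
    [ "$(stat -c '%u' "$f")" = "$OWNER_UID" ] || return 1
    # Refuse group/world-writable files: whoever can edit them controls the firewall.
    [ $(( 0$(stat -c '%a' "$f") & 022 )) -eq 0 ] || return 1
    # Every "*table" section must be closed by COMMIT (catches a truncated save).
    awk '/^\*/      { if (in_tbl) bad = 1; in_tbl = 1; n++ }
         /^COMMIT$/ { if (!in_tbl) bad = 1; in_tbl = 0 }
         END        { exit (bad || in_tbl || n == 0) }' "$f"
}

# Save the running ruleset atomically: write a temp file beside the target, then rename.
save_rules() {
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    if iptables-save > "$tmp" && chmod 600 "$tmp" && rules_file_ok "$tmp"; then
        mv "$tmp" "$RULES"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Parse-check first (--test builds the ruleset without committing it), then load.
restore_rules() {
    rules_file_ok "$RULES" || { echo "refusing to load $RULES" >&2; return 1; }
    iptables-restore --test < "$RULES" && iptables-restore < "$RULES"
}

case "${1:-}" in
    save)    save_rules ;;
    restore) restore_rules ;;
esac
```

Run `fw-rules save` as root after changing rules; if `restore` fails in `pre-up`, ifupdown does not bring the interface up, so a bad rules file leaves the interface down rather than up without a firewall.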


  

