[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: saving iptables rules?

Does anyone know if there is a plan to fix/address this before the next release?
Also, could someone give me a copy of the old script "/etc/init.d/iptables". I need a way to save my rules, as we all do.


Darryl Luff wrote:
On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian way" of doing this? Rather
If you dont have the init scripts (which are apparently deprecated) I
think the rules aren't automatically restored on reboot. In Testing at
least there are some notes in /usr/share/doc/iptables/README.Debian.gz
that show how to do it using ifupdown, which doesn't quite seem right
to me unless you have seperate per-interface rules, but on a single
interface box I suppose it doesnt matter.
I guess it doesn't matter for a single interface but it hardly seems
like the best solution either. At least to me. It seems there used to be
a script in /etc/init.d/ called iptables to start and stop and save
rules. It's all over google. But that script doesn't exist on any of my
four SID boxes, unless it is provided by another package?

It's deprecated in current SID so the only machines that have it are ones that 
have been around for a while and been upgraded.

There must be a better way to handel this than ifupdown? Does anyone
know of plans to bring the script back? Or other plans for another

I don't know what the plan is. I don't like using ifupdown because you'd have 
to manage a separate rule script for each interface.  But I've never liked 
the init.d script because I normally expect things in there to be actually 
starting daemons. But come to think of it that's not valid anyway.

I think the logical place would be at the end of /etc/init.d/networking. It 
could look for /etc/network/firewall and run it if it existed. This is the 
file that sets up routing and anti-spoofing, and the firewall should be 
configured as soon as possible after the network comes up.



Reply to: