Does anyone know if there is a plan to fix/address this before the next
Also, could someone give me a copy of the old script "/etc/init.d/iptables"? I need a way to save my rules, as we all do.
Darryl Luff wrote:
On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
> Darryl Luff wrote:
> > Ralph Crongeyer wrote:
> > > How does one save iptables rules in Debian "Unstable/SID"? I've tried iptables-save and get some output with no errors, but when I reboot all my rules are gone? Is there a "Debian way" of doing this? Rather...
> >
> > If you don't have the init scripts (which are apparently deprecated) I think the rules aren't automatically restored on reboot. In Testing at least there are some notes in /usr/share/doc/iptables/README.Debian.gz that show how to do it using ifupdown, which doesn't quite seem right to me unless you have separate per-interface rules, but on a single interface box I suppose it doesn't matter.
>
> I guess it doesn't matter for a single interface but it hardly seems like the best solution either. At least to me. It seems there used to be a script in /etc/init.d/ called iptables to start and stop and save rules. It's all over google. But that script doesn't exist on any of my four SID boxes, unless it is provided by another package?

It's deprecated in current SID so the only machines that have it are ones that have been around for a while and been upgraded.

> There must be a better way to handle this than ifupdown? Does anyone know of plans to bring the script back? Or other plans for another solution?

I don't know what the plan is. I don't like using ifupdown because you'd have to manage a separate rule script for each interface. But I've never liked the init.d script because I normally expect things in there to be actually starting daemons. But come to think of it that's not valid anyway. I think the logical place would be at the end of /etc/init.d/networking. It could look for /etc/network/firewall and run it if it existed. This is the file that sets up routing and anti-spoofing, and the firewall should be configured as soon as possible after the network comes up.

Darryl.
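The hook idea from the message above (run /etc/network/firewall if it exists once the network is up), together with a way to save the live rules, sketched as an added example that is not part of the thread and not Debian's own script. The function names, the `/etc/iptables.rules` location and the `IPTABLES_SAVE` override are assumptions made for illustration; the ownership and mode checks are there because the hook runs as root at boot.

```sh
#!/bin/sh
# Added example. Only /etc/network/firewall comes from the thread;
# every other name and path here is an assumption.
FIREWALL_HOOK="${FIREWALL_HOOK:-/etc/network/firewall}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"    # assumed location
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"    # overridable for testing

# A hook executed as root must not be editable by anyone else: require a
# regular executable file, not a symlink, owned by the calling user
# (root when run from init) and with no group/other write bit.
hook_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -x "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -u)" -print)" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Call at the end of network bring-up. A missing hook is not an error;
# a hook with a bad owner or mode is refused rather than run.
run_firewall_hook() {
    [ -e "$FIREWALL_HOOK" ] || [ -L "$FIREWALL_HOOK" ] || return 0
    if ! hook_is_safe "$FIREWALL_HOOK"; then
        echo "refusing to run $FIREWALL_HOOK: bad owner or mode" >&2
        return 1
    fi
    "$FIREWALL_HOOK"
}

# Dump the live rules to a private temp file, then rename it into place,
# so a failed or empty dump never replaces the last good rule set.
save_rules() {
    tmp="$RULES_FILE.tmp.$$"
    if ( umask 077; "$IPTABLES_SAVE" > "$tmp" ) && [ -s "$tmp" ]; then
        mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The hook file itself can be as small as a single `iptables-restore < /etc/iptables.rules` line, which keeps one rule set for the whole box instead of one script per interface.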