
Re: iptables start on boot



John Summerfield wrote:

blm@woodheap.org wrote:

I recently installed debian testing (sarge) on a client's machine and am trying to get the firewall to load on reboot. AFAIK there was a /etc/init.d/iptables script in previous releases of debian but it doesn't seem to be there anymore.

Does this correspond to others' experiences? Has this script been replaced with a different mechanism for starting iptables at boot time?
The script has been superseded: I've not discovered by what: I'm not interested. The author clearly wasn't happy with it.

Since you're asking I guess, like me, you're not entirely comfortable with rolling your own.

I'm using shorewall on some Woody boxes. I just installed it on Sarge and decided it's going to take well over five minutes to configure. There _is_ a webmin module for it; I've not looked at it yet though.

There are also other firewall packages: fwbuilder comes to mind.


Below is a previous discussion I had going on this list. Sorry if it's not much help. :-) It seems that nobody working with Debian is interested in a way to handle this problem, as I got very little response to the issue. Anyway, here are the e-mail/s.

Does anyone know if there is a plan to fix/address this before the next release? Also, could someone give me a copy of the old script "/etc/init.d/iptables". I need a way to save my rules, as we all do.

Thanks.
Ralph

Darryl Luff wrote:

On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian way" of doing this? Rather
...
If you don't have the init scripts (which are apparently deprecated) I
think the rules aren't automatically restored on reboot. In Testing at
least there are some notes in /usr/share/doc/iptables/README.Debian.gz
that show how to do it using ifupdown, which doesn't quite seem right
to me unless you have separate per-interface rules, but on a single
interface box I suppose it doesn't matter.
I guess it doesn't matter for a single interface but it hardly seems
like the best solution either. At least to me. It seems there used to be
a script in /etc/init.d/ called iptables to start and stop and save
rules. It's all over google. But that script doesn't exist on any of my
four SID boxes, unless it is provided by another package?

It's deprecated in current SID so the only machines that have it are ones that have been around for a while and been upgraded.

There must be a better way to handle this than ifupdown? Does anyone
know of plans to bring the script back? Or other plans for another
solution?

I don't know what the plan is. I don't like using ifupdown because you'd have to manage a separate rule script for each interface. But I've never liked the init.d script because I normally expect things in there to be actually starting daemons. But come to think of it that's not valid anyway.

I think the logical place would be at the end of /etc/init.d/networking. It could look for /etc/network/firewall and run it if it existed. This is the file that sets up routing and anti-spoofing, and the firewall should be configured as soon as possible after the network comes up.

Darryl.
Ralph
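The thread circles around three mechanisms for getting rules back after a reboot: the deprecated /etc/init.d/iptables script, an ifupdown hook from /etc/network/interfaces, and Darryl's suggestion of an /etc/network/firewall file run once the network is up. Below is an added example of what such a file could look like, built on iptables-save and iptables-restore; it is not code from the thread, from Debian's old init script, or from README.Debian. The path /etc/network/firewall, the rules file /etc/iptables.up.rules and the three environment overrides are assumptions. It goes one step beyond the thread by refusing to feed an empty or truncated dump to iptables-restore, which would otherwise leave the box with no rules at all.

```shell
#!/bin/sh
# Hypothetical /etc/network/firewall: save and restore the iptables ruleset.
# Added example, not from the thread or from Debian's old /etc/init.d/iptables.
# The paths and the environment overrides below are assumptions.

RULES_FILE="${RULES_FILE:-/etc/iptables.up.rules}"
IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# A usable dump has at least a filter table header and a COMMIT line.
# Refusing anything else keeps a truncated or empty file from being handed
# to iptables-restore and silently leaving the box without a firewall.
check_rules() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -q '^\*filter' "$f" || return 1
    grep -q '^COMMIT' "$f" || return 1
    return 0
}

# Dump the live ruleset to a temp file and only replace RULES_FILE when the
# dump passes check_rules, so a failed iptables-save cannot clobber a good file.
save_rules() {
    tmp="$RULES_FILE.tmp.$$"
    "$IPTABLES_SAVE" > "$tmp" || { rm -f "$tmp"; return 1; }
    check_rules "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"
    mv "$tmp" "$RULES_FILE"
}

# Load the saved ruleset; iptables-restore replaces each table atomically.
restore_rules() {
    check_rules "$RULES_FILE" || return 1
    "$IPTABLES_RESTORE" < "$RULES_FILE"
}

# Flush everything and fall back to accept-all. This is the open state,
# so it belongs behind an explicit "stop", never in the boot path.
flush_rules() {
    for t in filter nat mangle; do
        "$IPTABLES" -t "$t" -F && "$IPTABLES" -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$c" ACCEPT
    done
}

if [ $# -gt 0 ]; then
    case "$1" in
        start|restore) restore_rules ;;
        save)          save_rules ;;
        stop|flush)    flush_rules ;;
        *) echo "Usage: $0 {start|stop|save}" >&2; exit 1 ;;
    esac
fi
```

After editing rules by hand, `./firewall save` writes the current ruleset; at boot the file can be invoked either from the end of /etc/init.d/networking as Darryl proposes, or from a `pre-up /etc/network/firewall start` line in the interface stanza of /etc/network/interfaces, which ifupdown runs before the interface comes up so there is no window with the link up and no rules loaded. The check in check_rules is deliberately cheap; the real validation is iptables-restore itself, which aborts on a bad line, so restore_rules returns its exit status for the caller to act on.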


