
Re: Starting iptables



On Tue, Oct 17, 2006 at 05:15:19PM -0700, Andrew Sackville-West wrote:
> On Tue, Oct 17, 2006 at 07:08:47PM -0500, cothrige wrote:
> > * Andrew Sackville-West (andrew@farwestbilliards.com) wrote:
> > > 
> > > isn't iptables part of the kernel and therefore up by default when the
> > > kernel starts executing? 
> > > 
> > > A
> > 
> > Yes, iptables as far as I know is part of the kernel, but the rules
> > must be loaded.  In Slackware I would create a script and put it in
> > rc.d to be loaded.  I suppose that I could do something similar with
> > Debian, but would like to make sure that there is not some more
> > correct way to handle it first.
> 
> right, okay, I understand. sorry. Yeah, there is surely some Debian
> way to do it. sorry, don't know it.

I'd recommend using shorewall or another such "firewall" system. 
Shorewall is a very capable system for configuring iptables (or 
other backend), and does provide a "startup" file in /etc/init.d/.
Shorewall doesn't run as a daemon, rather it runs once to set up 
the kernel iptables (or other) and then it's done.

-- 
Ken Irving, fnkci@uaf.edu
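
Added example, not part of the message above and not Shorewall's code: a sketch of the same "run once at boot, then exit" model for a hand-written init.d-style script that loads a saved ruleset. The path /etc/iptables.rules, the IPTABLES_RESTORE override and the function names are assumptions; the file is expected to be in iptables-save format.

```shell
#!/bin/sh
# Added example: one-shot rule loader in the init.d style.
# RULES_FILE and IPTABLES_RESTORE defaults are assumptions, not Debian defaults.
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# Return 0 only for a regular, non-symlink file that is not writable
# by group or other, so an unprivileged user cannot plant firewall rules.
rules_file_is_safe() {
    f="$1"
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Exit codes: 0 loaded, 2 unsafe file, 3 failed dry run, 4 failed load.
load_rules() {
    f="$1"
    if ! rules_file_is_safe "$f"; then
        echo "refusing $f: missing, symlink, or group/world-writable" >&2
        return 2
    fi
    # --test parses and builds the ruleset without committing it,
    # so a typo does not leave the host with a half-applied policy.
    if ! "$IPTABLES_RESTORE" --test < "$f"; then
        echo "dry run failed for $f; running rules left unchanged" >&2
        return 3
    fi
    "$IPTABLES_RESTORE" < "$f" || return 4
    return 0
}

# Runs once and exits; the kernel keeps the rules, no daemon stays behind.
if [ "${1:-}" = "start" ]; then
    load_rules "$RULES_FILE"
fi
```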


