On Jan 14, 2011 5:56 PM, "Paul Cartwright" <debian@pcartwright.com> wrote:
>
> On 01/14/2011 05:34 PM, Bob Proulx wrote:
> > the eth* device and not the lo device.
> >
> > To be clear you had:
> >
> > auto lo
> > iface lo inet loopback
> > pre-up iptables-restore < /etc/firewall-rules
> >
> > I was going "ew..." about having it associated in time with the lo
> > device coming online. If you move that down to the eht0 device then I
> > wouldn't have made that comment. I mean something like this from your
> > example:
> oh, wow, I totally MISSED that, now I see what you mean, thanks!
> I added your script anyway to the ip-up.d/firewall-rules , that looks
> more better:)
> took it out of interfaces. It actually didn't do what I want anyway, the
> file It used was dated, and had not been updated with recent changes!
>
If you do that, you might want to put something that cleans up those iptables rules in if-down.d. don't recall if iptables will chain rules if you're -Appending rules, but it might cause issues. Though, I suppose if there hasn't been issue so far with that in your interfaces file, there shouldn't be issue here. That said, its my general rule to make sure things clean up after themselves anyway...