
Re: iptables service with debian



On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 4:05 AM, Joe <joe@jretrading.com> wrote:
>>>
>>> But the save and restore commands only give you the iptables rules, and
>>> you may want to do other network-related things when the 'service' is
>>> started, such as loading conntrack modules for unusual protocols.
>>
>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>
> Only for the rules which are related to a specific interface. Ruleset
> initialization should not be done from there.

Why not? Is this documented somewhere? If not, from where should
iptables rules be launched?

"if-pre-up.d" is the only logical location (and it isn't tied to any
particular NIC) for launching an iptables script since Debian ripped
out "/etc/init.d/iptables".

It's also the recommended location on the Debian wiki:

http://wiki.debian.org/iptables
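
An added example, not part of the original message or the Debian wiki: a hook for "/etc/network/if-pre-up.d/" that loads conntrack helper modules and restores a saved ruleset. ifupdown runs the hook once for every interface it brings up, so a marker file keeps the full ruleset from being reloaded on each ifup. The file paths, module name and the MODPROBE/IPT_RESTORE override variables are assumptions.

```sh
#!/bin/sh
# Added example, e.g. installed as /etc/network/if-pre-up.d/iptables (name assumed).
# ifupdown runs every hook in if-pre-up.d once per interface it brings up and
# passes the interface name in $IFACE, so the script is not tied to one NIC.

# All paths and the module list are assumptions for this example.
RULES="${RULES:-/etc/iptables.up.rules}"    # file produced by iptables-save
STAMP="${STAMP:-/run/iptables.loaded}"      # marker on tmpfs, gone after reboot
MODULES="${MODULES:-nf_conntrack_ftp}"      # extra conntrack helpers to load
MODPROBE="${MODPROBE:-modprobe}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# True only when a saved ruleset exists and has not been loaded since boot.
needs_load() {
    [ -r "$RULES" ] || return 1
    [ ! -e "$STAMP" ]
}

# Load helper modules and the full ruleset once; later interfaces skip it,
# so rules added at runtime are not flushed by every ifup.
load_firewall() {
    needs_load || return 0
    for m in $MODULES; do
        $MODPROBE "$m" || echo "iptables hook: cannot load $m" >&2
    done
    # Parse the file without committing first, so a broken file is reported
    # before anything in the running ruleset changes.
    $IPT_RESTORE --test < "$RULES" || {
        echo "iptables hook: $RULES failed validation" >&2
        return 1
    }
    $IPT_RESTORE < "$RULES" || return 1
    : > "$STAMP"
}

# ifupdown always sets IFACE; do nothing when sourced or run by hand without it.
if [ -n "${IFACE:-}" ]; then
    load_firewall
fi
```

With "auto lo" in /etc/network/interfaces the first invocation normally happens for the loopback interface, so the ruleset is in place before any external NIC is configured.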

