Re: iptables service with debian

To: debian-user@lists.debian.org
Subject: Re: iptables service with debian
From: Joe <joe@jretrading.com>
Date: Sat, 28 Apr 2012 08:40:05 +0100
Message-id: <[🔎] 20120428084005.0726a93a@jretrading.com>
Reply-to: joe@jretrading.com
In-reply-to: <[🔎] CAOdo=SyopPimh8_yh5cPS-buNqqCVLn9AaEvnWwmq5MhzAgjsQ@mail.gmail.com>
References: <[🔎] CAGWVfMmQK0uvzaF1jBGbG12Rzeq_O8Fszf=E-StvH8wgPLT-Cg@mail.gmail.com> <[🔎] 20120426223825.498d08ea@jretrading.com> <[🔎] CAGWVfMnvnS-nJWeJah1rLJqnARHszsvjz0KVrUy0K9eU_hrf-A@mail.gmail.com> <[🔎] 20120427090537.0dad5679@jretrading.com> <[🔎] CAOdo=SxRmY_5YbB7AprM-mn+1Ho4+1iYdMXJHXg90AxHeF5oCg@mail.gmail.com> <[🔎] 4F9B24D9.80100@plouf.fr.eu.org> <[🔎] CAOdo=SyopPimh8_yh5cPS-buNqqCVLn9AaEvnWwmq5MhzAgjsQ@mail.gmail.com>

On Sat, 28 Apr 2012 02:41:29 -0400
Tom H <tomh0665@gmail.com> wrote:

> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> <pascal@plouf.fr.eu.org> wrote:
> > Tom H a écrit :
> >> On Fri, Apr 27, 2012 at 4:05 AM, Joe <joe@jretrading.com> wrote:
> >>>
> >>> But the save and restore commands only give you the iptables
> >>> rules, and you may want to do other network-related things when
> >>> the 'service' is started, such as loading conntrack modules for
> >>> unusual protocols.
> >>
> >> It's best to run an iptables script from
> >> "/etc/network/if-pre-up.d/".
> >
> > Only for the rules which are related to a specific interface.
> > Ruleset initialization should not be done from there.
> 
> Why not? Is this documented somewhere? If not, from where should
> iptables rules be launched?
> 
> "if-pre-up.d" is the only logical location (and it isn't tied to any
> particular NIC) for launching an iptables script since Debian ripped
> out "/etc/init.d/iptables".
> 
> It's also the recommended location on the Debian wiki:
> 
> http://wiki.debian.org/iptables
> 
> 

Which also mentions iptables-persistent.

-- 
Joe

Reply to:

Follow-Ups:
- Re: iptables service with debian
  - From: Tom H <tomh0665@gmail.com>

References:
- iptables service with debian
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>
- Re: iptables service with debian
  - From: Joe <joe@jretrading.com>
- Re: iptables service with debian
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>
- Re: iptables service with debian
  - From: Joe <joe@jretrading.com>
- Re: iptables service with debian
  - From: Tom H <tomh0665@gmail.com>
- Re: iptables service with debian
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: iptables service with debian
  - From: Tom H <tomh0665@gmail.com>

Prev by Date: Re: Problem with resolution on Radeon HD 7459 card (Squeeze)
Next by Date: install iwlwifi driver in debian 6
Previous by thread: Re: iptables service with debian
Next by thread: Re: iptables service with debian
Index(es):
- Date
- Thread