
Re: iptables service with debian



On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> Hello,
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>>> Tom H wrote:
>>>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>>> Only for the rules which are related to a specific interface. Ruleset
>>> initialization should not be done from there.
>>
>> Why not?
>
> Because it makes no sense to re-initialize the ruleset every time an
> interface is activated.
>
>> Is this documented somewhere? If not, from where should
>> iptables rules be launched?
>
> Iptables should be initialized from an initscript run before networking.

I agree but until someone else pointed out that there was
iptables-persistent for that, there was no packaged way of doing so.

Until iptables-persistent was released in July 2009, there wasn't a
packaged way of doing so and using "/etc/network/if-pre-up.d/" was the
recommended way, as documented in the Debian wiki.
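
Added example, not part of the original message or of any Debian package: a hook of the kind placed in "/etc/network/if-pre-up.d/" that loads the ruleset on the first interface activation only, which addresses the objection about re-initializing it on every ifup. The rules file path, the stamp file path and the function name are assumptions.

```shell
#!/bin/sh
# Hypothetical hook script; the file name under /etc/network/if-pre-up.d/
# is up to the administrator. ifupdown sets IFACE in the environment of
# hook scripts to the interface being brought up.

# Assumed locations, overridable from the environment.
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # saved iptables-save output
STAMP="${STAMP:-/run/firewall-loaded}"               # assumed to be cleared at boot
RESTORE="${RESTORE:-iptables-restore}"

load_ruleset_once() {
    # The ruleset was already loaded since boot: leave it alone, so rules
    # added at runtime are not flushed when another interface comes up.
    [ -e "$STAMP" ] && return 0

    # Refuse to mark the firewall as loaded if there is nothing to load.
    [ -r "$RULES_FILE" ] || {
        echo "firewall hook: cannot read $RULES_FILE" >&2
        return 1
    }

    # Load the saved ruleset; create the stamp only if the load succeeded,
    # so a failed load is retried on the next interface activation.
    "$RESTORE" < "$RULES_FILE" || return 1
    : > "$STAMP"
}

# Run only when called by ifupdown (IFACE set), not when sourced.
if [ -n "${IFACE:-}" ]; then
    load_ruleset_once || exit 1
fi
```

The hook exits non-zero when the load fails, so the failure is not silent.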

