[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables



On 07/10/2013 07:08 PM, Brian wrote:
On Wed 10 Jul 2013 at 16:51:47 +0200, ha wrote:

none of them are checked. But, anyway, it overrides if-pre.up.d settings.
perhaps this GUI doesn't like me.

No, it isn't that. If the packet filtering rules in if-pre.up.d are
overwritten it is because your script is run before the firestarter one.
Look at the numbering of the scripts. The one for your file can be
altered so that it runs second. (Not that I am suggesting this is the
best course of action).

The basic question though is: why have two scripts to configure iptable
rules? Going with one means all your problems evaporate.

I didn't realized I have two scripts until now, becaouse the firestarter's script was in if-up.d. That's why I was trying to disable it by other means (for now), and looked in init.d and rc*.d...

the latter two works fine. but I dislike the option of having to
install and purge the package every time I want to test something.

What disadvantage to you is there in leaving it purged?

on Arch you can have many packages that do not work (even when
installed) unless you explicitly set it to work. I do not say that
Debian should be like that, just looking for a "simple way" to turn
this one off, preferably by stopping it form loading at the boot
time.

I could think of one more alternative, like removing
/etc/init.d/firestarter but I'm unsure whether this will mess up
anything else.

It isn't advisable. Please read update-rc.d(8).

Any other suggestions, or preferable alternatives...?

    update-rc.d fireststarter disable

and reboot.
This is great. This is what I was looking for. But, now it would probably be sufficient to remove the firestarter's script form if-up.d. Either way, I like suggestions with pointers on how to try and learn something new.
Thanks Brian.

After a while you will forget about having it on your system; it will
just sit there doing nothing. Purging it means you can forget about it
immediately and all your niggles and problems are over. Plus the disk
space gained can be used to hold something of more use to you.


Sometimes I experiment with firewall configuration before loading it to server. Sometimes I use firestarter for this. Thus, I want it just to sit here and not to interfere with my default configuration - until I call it. I know this is not the best practice, but until I master chroot a bit more, this is the simplest non-bloated option I have...


Reply to: