On Sat, May 14, 2011 at 00:31, Bernd Zeimetz <be...@bzed.de> wrote:
> Hi,
>
> If I remember right such functions were removed from the iptables package for
> various good reasons, for example to avoid that people lock themselves out.
>
> Implementing something similar is pretty easy, add something like
>
> pre-up iptables-restore < /etc/network/iptables.save || true

I pretty much desire to manually change as few configuration files as possible

> to the network config in your /etc/network/interfaces and at the point when
> you have a well working iptables config use
> iptables-save > /etc/network/iptables.save
>
> I'd never recommend to let something save iptables rules automatically. Do it
> manually when you're sure that you have a working configuration.
>

I did not mention the word "automatically". I just want to have a lazy man's way[1] to
- manually save rules
- automatically restore saved rules at boot

That's exactly what the iptables initscript does in redhat, for the past 11 years (first appeared in "ipchains" http://legacy.redhat.com/pub/redhat/linux/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3.9-5.i386.rpm)

For that, Andrei's recommendation of iptables-persistent seems the most tolerable answer, especially with Tollef's hint of saving - and I hope the package maintainer will be kind enough to (accept a patch for)/(develop) the initscript to parse a 'save' parameter

> Or even better, use ferm instead.

Tried it but, uh, I'm comfortable enough with iptables syntax

___
[1] type as little as possible, memorize as little as possible
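
The "save by hand, restore at boot" workflow discussed in this thread, sketched as a small shell helper that checks a ruleset with `iptables-restore --test` before it is stored or loaded. This is an added example, not part of either message and not code from the iptables or iptables-persistent packages. The file path is the one from the quoted suggestion; `fw_save`, `fw_restore`, `SAVE_CMD` and `RESTORE_CMD` are hypothetical names.

```sh
#!/bin/sh
# Added example, not code from the thread.
# RULES_FILE is the path from the quoted suggestion; SAVE_CMD, RESTORE_CMD,
# fw_save and fw_restore are hypothetical names (the *_CMD overrides exist
# so the logic can be exercised without root).
RULES_FILE="${RULES_FILE:-/etc/network/iptables.save}"
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# Manual step: dump the running ruleset, confirm it parses, then swap it in.
fw_save() {
    tmp="$(mktemp "${RULES_FILE}.XXXXXX")" || return 1
    # --test parses the dump without committing it, so a truncated or
    # corrupt dump never replaces the last known-good file.
    if ! $SAVE_CMD > "$tmp" || ! $RESTORE_CMD --test < "$tmp"; then
        rm -f "$tmp"
        echo "fw_save: dump failed validation, $RULES_FILE left untouched" >&2
        return 1
    fi
    chmod 600 "$tmp"
    if [ -f "$RULES_FILE" ]; then
        cp -p "$RULES_FILE" "$RULES_FILE.prev"   # keep one generation back
    fi
    mv "$tmp" "$RULES_FILE"                      # rename is atomic on one filesystem
}

# Boot step: load the saved file, reporting (not hiding) a bad or missing file.
fw_restore() {
    if [ ! -r "$RULES_FILE" ]; then
        echo "fw_restore: $RULES_FILE missing, no rules loaded" >&2
        return 1
    fi
    if ! $RESTORE_CMD --test < "$RULES_FILE"; then
        echo "fw_restore: $RULES_FILE does not parse, no rules loaded" >&2
        return 1
    fi
    $RESTORE_CMD < "$RULES_FILE"
}

# Usage: "<script> save" by hand; "<script> restore" from a pre-up line.
case "${1:-}" in
    save)    fw_save ;;
    restore) fw_restore ;;
esac
```

If the restore is called from a `pre-up` line that ends in `|| true`, a failed restore still lets the interface come up with no saved rules loaded, so the stderr message is the only trace of it.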