On Friday 31 December 2004 14:21, Marcus C. Gottwald wrote:
>
> I do like the way iptables is used in woody: You create your
> chains and rules any way you like and once you're done, you tell
> it to save the current state (by executing
> "/etc/init.d/iptables save active"). You can easily make copies
> of the dump for backup purposes. Also, if a change turns out to
> break something, running "/etc/init.d/iptables start" before a
> "save" will simply revert the changes.

iirc, that was an add-on. iptables-save is now available as part of the iptables package (there's no init.d script, but it is in /sbin/iptables-save).

> Out of curiosity: What features are expected from a config tool?
> On a laptop computer, you'd seldom need a lot more than to allow
> outgoing, related or established traffic plus incoming SSH,
> wouldn't you?

Heavens, my laptop is a portable web/database/file/printer server :-)

I think that my rules _could_ be much simpler - many of the ones that were set up by Guarddog should be just covered by global "outgoing, related or established" rules, and then I could configure specific incoming overrides for the rest.

I'd consider the rules for a laptop to be much more complex than for the average desktop machine.

--
derek