On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote: > Darryl Luff wrote: > > Ralph Crongeyer wrote: > >> How does one save iptables rules in Debian "Unstable/SID"? I've tried > >> iptables-save and get some output with no errors, but when I reboot > >> all my rules are gone? Is there a "Debian way" of doing this? Rather ... > > If you dont have the init scripts (which are apparently deprecated) I > > think the rules aren't automatically restored on reboot. In Testing at > > least there are some notes in /usr/share/doc/iptables/README.Debian.gz > > that show how to do it using ifupdown, which doesn't quite seem right > > to me unless you have seperate per-interface rules, but on a single > > interface box I suppose it doesnt matter. > > . > > I guess it doesn't matter for a single interface but it hardly seems > like the best solution either. At least to me. It seems there used to be > a script in /etc/init.d/ called iptables to start and stop and save > rules. It's all over google. But that script doesn't exist on any of my > four SID boxes, unless it is provided by another package? > It's deprecated in current SID so the only machines that have it are ones that have been around for a while and been upgraded.
> There must be a better way to handel this than ifupdown? Does anyone > know of plans to bring the script back? Or other plans for another > solution? > I don't know what the plan is. I don't like using ifupdown because you'd have to manage a separate rule script for each interface. But I've never liked the init.d script because I normally expect things in there to be actually starting daemons. But come to think of it that's not valid anyway. I think the logical place would be at the end of /etc/init.d/networking. It could look for /etc/network/firewall and run it if it existed. This is the file that sets up routing and anti-spoofing, and the firewall should be configured as soon as possible after the network comes up. Darryl. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
