On Thu, 03 May 2007 17:30:47 -0700, Tom Furie <[EMAIL PROTECTED]> wrote:

> On Wed, May 02, 2007 at 08:04:53AM -0700, Octavio Alvarez wrote:
>> You might as well put some iptables-restore at the end of the "up"
>> of each interface in /etc/network/interfaces. This lets you control
>> your firewall per interface and have only the needed rules alive.
>
> Wouldn't you be better putting the iptables-restore stuff in the pre-up
> line? That way the firewall rules are in place before the interface is
> live.

I'm not sure, but I guess not. Consider a line like

    -A INPUT -i eth0 -j ACCEPT

Will iptables accept the "-i eth0" before eth0 actually exists? I don't
remember.
Cheers.
--
Octavio.
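
An added example, not part of the original message: the two placements discussed in this thread, side by side in an ifupdown stanza. iptables compares the "-i" name against each packet's interface when the rule is evaluated, so a rule naming eth0 can be loaded before eth0 exists. The rules-file path is a hypothetical placeholder, and --noflush is used so that loading one interface's file does not wipe rules loaded for another.

```conf
# /etc/network/interfaces (ifupdown): constructed example
#
# /etc/iptables/eth0.rules is a hypothetical path holding, in
# iptables-save format, the rule quoted in the message:
#   *filter
#   -A INPUT -i eth0 -j ACCEPT
#   COMMIT

# Placement from the first suggestion: the rules are loaded after eth0
# is up, so the interface is briefly live without them.
#iface eth0 inet dhcp
#    up iptables-restore --noflush < /etc/iptables/eth0.rules

# Placement from the reply: the rules are loaded before eth0 is configured.
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore --noflush < /etc/iptables/eth0.rules
    # Remove the rule again so a later ifup does not append a duplicate.
    post-down iptables -D INPUT -i eth0 -j ACCEPT || true
```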