Thank You for Your time and answer, Javier:

> Did you try to use your iptable script in post-up / pre-down hooks at
> /etc/network/interfaces ? I think it is the best solution for that

But I have to disagree with You - for once the network environment changes, that is, say the machine will be out of a net, then the file running will cease on the interface initialization (or whatever), and that will end up with the firewall not started at all - that can be dangerous in cases of:

a) there are rules for internal programs communications (that is within the machine);
b) if a modem connection will be established - the machine will be just uncovered for the net (?Internet).

Personally, I advise the topic author to make a script and make it run from some /etc/rcN.d, having a small number after S. Then the firewall will be launched independently of what the current network environment is. The disadvantage is that there is a time between the actual interface initialization moment and the moment the iptables rules are applied.

Please, correct me, if I'm wrong.