On Fri, Jan 14, 2011 at 4:31 PM, Bob Proulx <b...@proulx.com> wrote:
> Paul Cartwright wrote:
>> Bob Proulx wrote:
>>
>> #iptables loaded here:
>> pre-up iptables-restore < /etc/firewall-rules
>
> That looks like something local to your system. It seems like an odd
> place to put that. It looks like someone was trying to reload the
> firewall rules at startup time but didn't know about the directory of
> scripts /etc/network/if-up.d/* and so associated the timing with the
> loopback device coming online instead. Eww...
>>
>> did I put that iptables entry in? I don't remember.. should it be there?
>
> I think you did put that in there. It has that look. As to whether
> it /should/ be there... well *I* wouldn't put it there. :-) I think
> that type of reloading belongs elsewhere such as in an if-up.d/*
> script. But I don't know about your firewall setup. I could guess
> something like this in /etc/network/if-up.d/local-firewall using your
> current config as a template.
>
>   #!/bin/sh
>   case $IFACE in
>     eth*)
>       iptables-restore < /etc/firewall-rules
>       ;;
>   esac
>   exit 0
>
> That will run your command whenever any eth* device is brought up.

See http://wiki.debian.org/iptables because it suggests the "/etc/firewall-rules" location. I usually put the equivalent of "/etc/firewall-rules" (so without using "iptables-restore") in "/etc/network/if-pre-up.d" because I want the firewall up before the network's brought up. Using "pre-up" in "/etc/network/interfaces" is basically the same thing, AFAIK.
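
Added example, not part of the thread: the quoted hook script moved to the if-pre-up.d placement described in the reply, with the rules file checked and parsed by `iptables-restore --test` before it is applied. The file name local-firewall, the names RULES, RESTORE, rules_file_ok and load_firewall, and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Intended location (assumption):
#   /etc/network/if-pre-up.d/local-firewall
# RULES, RESTORE, rules_file_ok and load_firewall are hypothetical names.

RULES="${RULES:-/etc/firewall-rules}"     # path used in the thread
RESTORE="${RESTORE:-iptables-restore}"    # overridable for dry runs

# The file is fed to iptables-restore as root, so reject it when it is
# missing, empty, or writable by group or other.
rules_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    perms=$(ls -ld "$1") || return 1
    case "$perms" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Parse the rules with --test first; apply only if that succeeds. A file
# that is rejected or fails validation is never applied.
load_firewall() {
    case "$1" in
        eth*) ;;                # same interface match as the quoted script
        *)    return 0 ;;
    esac
    if ! rules_file_ok "$RULES"; then
        echo "local-firewall: refusing to load $RULES" >&2
        return 1
    fi
    if ! "$RESTORE" --test < "$RULES"; then
        echo "local-firewall: $RULES failed validation" >&2
        return 1
    fi
    "$RESTORE" < "$RULES"
}

# ifupdown exports IFACE to hook scripts; the script's exit status is the
# status of this call.
load_firewall "${IFACE:-}"
```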