On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 4:05 AM, Joe <j...@jretrading.com> wrote:
>>>
>>> But the save and restore commands only give you the iptables rules, and
>>> you may want to do other network-related things when the 'service' is
>>> started, such as loading conntrack modules for unusual protocols.
>>
>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>
> Only for the rules which are related to a specific interface. Ruleset
> initialization should not be done from there.

Why not? Is this documented somewhere? If not, from where should iptables rules be launched?

"if-pre-up.d" is the only logical location (and it isn't tied to any particular NIC) for launching an iptables script since Debian ripped out "/etc/init.d/iptables". It's also the recommended location on the Debian wiki: http://wiki.debian.org/iptables