On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Hello,
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg <pas...@plouf.fr.eu.org>
>> wrote:
>>> Tom H wrote:
>>>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>>> Only for the rules which are related to a specific interface. Ruleset
>>> initialization should not be done from there.
>>
>> Why not?
>
> Because it makes no sense to re-initialize the ruleset every time an
> interface is activated.
>
>> Is this documented somewhere? If not, from where should
>> iptables rules be launched?
>
> Iptables should be initialized from an initscript run before networking.

I agree but until someone else pointed out that there was iptables-persistent for that, there was no packaged way of doing so. Until iptables-persistent was released in July 2009, there wasn't a packaged way of doing so and using "/etc/network/if-pre-up.d/" was the recommended way, as documented in the Debian wiki.
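
An added example, not part of the thread and not code from Debian or iptables-persistent: a hook for "/etc/network/if-pre-up.d/" that loads the ruleset once per boot instead of at every interface activation, which is the objection raised above. The rules file path, the stamp file under /run, and the RULES/STAMP/RESTORE overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example hook for /etc/network/if-pre-up.d/ (file name and paths are assumptions).
# ifupdown exports IFACE and MODE ("start" from ifup, "stop" from ifdown) to hook scripts.

RULES="${RULES:-/etc/iptables.up.rules}"      # assumed ruleset file in iptables-save format
STAMP="${STAMP:-/run/iptables-loaded}"        # assumed marker; /run is emptied at boot
RESTORE="${RESTORE:-/sbin/iptables-restore}"  # overridable so the logic can be run unprivileged

load_ruleset_once() {
    # Do nothing when the hook is reached from ifdown.
    if [ "${MODE:-start}" != "start" ]; then
        return 0
    fi
    # Ruleset already loaded since boot: leave the live rules untouched,
    # so bringing up a second interface does not re-initialize them.
    if [ -e "$STAMP" ]; then
        return 0
    fi
    if [ ! -r "$RULES" ]; then
        echo "iptables hook: cannot read $RULES" >&2
        return 1
    fi
    # --test parses the file without committing it, so a syntax error is
    # caught before anything is applied to the kernel.
    "$RESTORE" --test < "$RULES" || return 1
    "$RESTORE" < "$RULES" || return 1
    # Record success only after the real load completed.
    : > "$STAMP"
}

# Run only when invoked by ifupdown (IFACE set); exit status reflects the load.
if [ -n "${IFACE:-}" ]; then
    load_ruleset_once
fi
```
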