On Monday 02 December 2019 07:46:22 Alessandro Vesely wrote:

> On Mon 02/Dec/2019 10:35:26 +0100 Andrei POPESCU wrote:
> > You might want to install iptables-persistent, otherwise you'll have
> > to roll-out your own solution.
>
> I'm not using iptables-persistent, but just looked at it out of
> curiosity.
>
> Its LSB:
>
> ### BEGIN INIT INFO
> # Provides:          netfilter-persistent
> # Required-Start:    mountkernfs $remote_fs
> # Required-Stop:     $remote_fs
> # Default-Start:     S
> # Default-Stop:      0 1 6
> # Short-Description: Load boot-time netfilter configuration
> # Description:       Loads boot-time netfilter configuration
> ### END INIT INFO
>
> S also starts in single-user mode, i.e. without network?
>
> $remote_fs requires ip links to be already set up?
>
> Stop, for good measure, does nothing. The comment in the script is
> crisply nice:
>
> stop)
>     # Why? because if stop is used, the firewall gets flushed for a variable
>     # amount of time during package upgrades, leaving the machine vulnerable
>     # It's also not always desirable to flush during purge
>     echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
>     ;;
>
> > In the particular case of iptables instead of writing a script you
> > should probably just reuse your existing rules file and load that
> > with an 'iptables-restore' from the .service unit.
>
> That's somewhat questionable in some cases. I'd recommend to write a
> script with iptables commands rather than interactively issue iptables
> command until you are satisfied with the current setup. That's
> natural, since iptables doesn't give a visual feedback, so reasoning
> is your best friend. IOW, a commented script is more readable than an
> interactive setup.
>
> Then, since you have a script, why not run it directly, rather than
> saving/restoring its results?

Since I had spent a week battling the bots, and doing a new save for
every addition, I find the iptables-restore both starts it and restores
it. Good enough till I get a new machine built, by the weekend I hope.

> > We are quite far from the original topic so I would suggest you
> > start a new thread in case you need assistance with this.
>
> I try, but don't reset References:/In-Reply-To: header fields.

And kmail doesn't make that easy.

>
> Best
> Ale

Thanks Alessandro.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
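
Added example, not part of the thread and not taken from iptables-persistent: a systemd unit of the kind suggested above, which loads a saved rules file with iptables-restore before any network interface is configured and, like the init script quoted earlier, does not flush on stop. The unit name and the rules path /etc/iptables/rules.v4 are assumptions.

```ini
# /etc/systemd/system/iptables-restore.service  (unit name is an assumption)
[Unit]
Description=Load saved iptables rules before networking starts
# Skip the default dependencies so the unit can run early in boot
DefaultDependencies=no
After=local-fs.target
# network-pre.target is reached before any network interface is configured
Before=network-pre.target
Wants=network-pre.target
# Do nothing if no rules file has been saved yet (path is an assumption)
ConditionPathExists=/etc/iptables/rules.v4

[Service]
Type=oneshot
RemainAfterExit=yes
# Parse the whole file first; a syntax error fails the unit before anything is committed
ExecStartPre=/usr/sbin/iptables-restore --test /etc/iptables/rules.v4
ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
# No ExecStop= on purpose: stopping the unit leaves the loaded rules in place

[Install]
WantedBy=multi-user.target
```

The same unit can run a commented rules script instead, by pointing ExecStart= at that script and dropping the ExecStartPre= line.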