On Tue, Jul 03, 2007, Amos Shapira wrote about "Re: Keeping iptables rules across reboots on Debian (lenny) ?":
> >The approach I like better is to edit
> >
> >   /etc/sysconfig/iptables
>..
> Are you serious? You recommend people to edit a file with a syntax like:
>...

Yes! The "Generated by iptables-save" comment and the ugly counters only happen because you used iptables-save to generate this file. I actually generated this file by hand (or took Fedora's default example and modified that), and it doesn't look that ugly.

> over scripting a list of "iptables -A" commands which can be repeated and
> made idempotent?

A simple script of "iptables -A" isn't that much different than the iptables save file. In any case, like I said, I looked at my entire iptables as one whole setup. I never want to save these counters.

Let me put what I said another way. The method I suggested is similar to how Unix handles shell variables: if you want to change a shell variable forever (all instances of the shell), you edit your .profile, and read it again. If you just run "a=3", you intend this change to be temporary, and don't intend for it to be saved; in fact, you don't *want* it to be saved. No Unix shell that I know saves every variable you set back to your .profile, although, theoretically, doing this isn't all that hard.

So, using the psychometric-test nomenclature, /etc/sysconfig/iptables is to iptables what ~/.profile is to sh.

> Not to mention that the numbers in the "[xxx:yyy]" are counters which are
> lost if you don't save them over reboots.

Indeed. I don't care about these counters.

-- 
Nadav Har'El | Tuesday, Jul 3 2007, 17 Tammuz 5767
[EMAIL PROTECTED] |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Tact: The ability to describe others as
http://nadav.harel.org.il |they see themselves. - Abraham Lincoln
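Added example, not part of the original message: a shell sketch that strips the "Generated by" comments and the `[packets:bytes]` counters from iptables-save output, leaving a file of the hand-editable kind discussed above, plus a check for whether two rule files differ only in that noise. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# normalize_rules: read iptables-save format on stdin and write it back
# without comment lines and with all counters reset or removed.
normalize_rules() {
    sed -E \
        -e '/^#/d' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1 [0:0]/' \
        -e 's/^\[[0-9]+:[0-9]+\] (-A )/\1/'
}

# same_ruleset FILE_A FILE_B: succeed when the two files differ only in
# comments and counters. This is a textual comparison: iptables-save may
# spell a rule differently from a hand-written line (for example by
# adding "-m tcp"), so a mismatch means "look closer", not "broken".
same_ruleset() {
    [ "$(normalize_rules < "$1")" = "$(normalize_rules < "$2")" ]
}

# Constructed sample in the shape produced by "iptables-save -c".
sample_save_output() {
    cat <<'EOF'
# Generated by iptables-save on Tue Jul  3 10:00:00 2007
*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4321:987654]
[10:840] -A INPUT -i lo -j ACCEPT
[200:16000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Tue Jul  3 10:00:00 2007
EOF
}

# Show the cleaned ruleset when the script is run directly.
sample_save_output | normalize_rules
```

Comparing a dump of the running rules against the saved file with `same_ruleset` shows whether temporary changes made with `iptables -A` have drifted from what will be loaded at the next boot.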