On Tue, Jul 03, 2007, Amos Shapira wrote about "Re: Keeping iptables rules across reboots on Debian (lenny) ?":
> Are you serious? You recommend people to edit a file with a syntax like:

Oh, and I forgot to mention the most important reason why I always - and in this case as well - like to configure things by editing a file, rather than by running commands that change the configuration a bit:

Since /etc/sysconfig/iptables is a file, I can use my favorite file tools on it: I can edit it using my favorite editor, I can save versions of it using cp, cvs or whatever. When I edit the file, I see my changes in the context of the rest of the configuration (I don't need to keep one window with "iptables -nvL" and enter iptables commands in the second).

And yes - I also heavily comment my iptables file to explain why I poked certain holes in the firewall, or did other strange things. If you do various "iptables -A" commands on the command line and later this gets saved automatically, in a month you might be scratching your head asking yourself when or why or whoever added this rule. This can't happen to me - because I put comments in the iptables file, and because it has an adjoined RCS history which I can use to see who added this rule and when.

I'm not saying that automatic saving of firewall rules isn't good for everyone, I was just explaining why I prefer not to do it, even when Fedora (which I used) does appear to support this feature.

-- 
Nadav Har'El                        | Tuesday, Jul 3 2007, 17 Tammuz 5767
[EMAIL PROTECTED]                   |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |To decide or not to decide, that is the
http://nadav.harel.org.il           |question. Or is it?
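
The commenting habit described in the message above can be checked mechanically before a rules file is committed to version control. The following is an added example, not part of the original post: the sample rules are constructed, and the convention that a rule is "explained" by a '#' line directly above it (iptables-restore skips such lines) or by its own `-m comment --comment` text is an assumption of this sketch.

```python
"""Lint an iptables-restore style rules file: every added rule needs a reason."""
import shlex

# Constructed sample in iptables-restore format (not taken from the post).
SAMPLE_RULES = """\
# Firewall for the mail host
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections we initiated
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH from the office network only
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp --dport 25 -m comment --comment "inbound SMTP" -j ACCEPT
COMMIT
"""


def undocumented_rules(text):
    """Return (line_number, rule) for each -A/-I rule with no explanation.

    Assumed convention: a rule is documented when the line directly above
    it is a non-empty '#' comment, or when it carries '--comment' itself.
    """
    findings = []
    previous_was_comment = False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            # An empty '#' line does not explain anything.
            previous_was_comment = bool(line.lstrip("#").strip())
            continue
        if line.startswith(("-A ", "-I ")):
            has_inline = "--comment" in shlex.split(line)
            if not (previous_was_comment or has_inline):
                findings.append((number, line))
        # Blank lines, table headers and rules all end a comment's scope.
        previous_was_comment = False
    return findings


if __name__ == "__main__":
    for number, rule in undocumented_rules(SAMPLE_RULES):
        print(f"line {number}: no comment explains: {rule}")
```

Run against the constructed sample, it reports only the port 8080 rule, the one hole in the firewall that nobody wrote a reason for.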