On 2013-10-03, Kerin Millar <kerfra...@fastmail.co.uk> wrote:
> On 03/10/2013 20:27, Grant Edwards wrote:
>
>> Let's say you wanted to configure routing of TCP packets based on
>> destination port like in this example:
>>
>> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>>
>> [which contains a series of 'ip' and 'iptables' commands to get packets
>> destined for port 25 to use a specific gateway.]
>>
>> How do you do this the "right" way on a Gentoo system?

[Where to put iptables and ip routing config/commands]

> The iptables runscript is ideal for persisting the rules. However,
> during the initial construction of a non-trivial ruleset, I prefer to
> write a script that adds the rules. An elegant way of doing this is to
> use iptables-restore with a heredoc. The method - and its advantages -
> are described in this document (section 3):
>
> http://inai.de/documents/Perfect_Ruleset.pdf

Excellent reference.

>> What about the 'ip' commands required to set up the tables, routes,
>> and rules? Do those go in a startup script somewhere? Does one just
>> edit /etc/iproute2/rt_tables by hand? One would assume route
>> configuration belongs
>
> I would use the files under /etc/iproute2 for their intended purpose
> and a postup() hook in conf.d/net for anything else. When the
> postup() function is entered, the IFACE variable is automatically set
> to the name of the interface that triggered the event. Anything that
> is valid bash can go there.

Cool. That's the main piece I hadn't figured out yet.

Thanks!

--
Grant Edwards               grant.b.edwards at gmail.com
Yow! Now KEN and BARBIE are PERMANENTLY ADDICTED to MIND-ALTERING DRUGS ...
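
The arrangement discussed in this thread, as an added example that is not part of the original messages: a ruleset script that feeds iptables-restore from a heredoc to mark port-25 traffic, and a postup() hook for conf.d/net that routes the marked packets. The mark, table name, interface and gateway address are constructed values, and the rt_tables entry is assumed to exist.

```bash
#!/bin/bash
# Constructed values: mark 0x1, table smtp_out, interface eth1, gateway
# 192.0.2.1 (documentation address). Assumes this line was added by hand
# to /etc/iproute2/rt_tables:   200 smtp_out
MARK=0x1
TABLE=smtp_out
GW_IFACE=eth1
GW_ADDR=192.0.2.1

# --- ruleset script: iptables-restore fed from a heredoc ---
# The whole table is parsed first and committed in one step, so a typo
# leaves the previously loaded rules in place.
mangle_ruleset() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 25 -j MARK --set-mark ${MARK}
-A OUTPUT -p tcp --dport 25 -j MARK --set-mark ${MARK}
COMMIT
EOF
}

# Run as root: syntax-check with --test, then load (this replaces the
# current contents of the mangle table). Persist afterwards with
# "/etc/init.d/iptables save".
apply_ruleset() {
    mangle_ruleset | iptables-restore --test &&
    mangle_ruleset | iptables-restore
}

# --- /etc/conf.d/net: hook called after an interface comes up ---
postup() {
    # IFACE is set by the network scripts; act only on the gateway link.
    [ "${IFACE}" = "${GW_IFACE}" ] || return 0
    # Remove a rule left from an earlier up/down cycle, then re-add it.
    ip rule del fwmark "${MARK}" table "${TABLE}" 2>/dev/null || true
    ip rule add fwmark "${MARK}" table "${TABLE}"
    ip route replace default via "${GW_ADDR}" dev "${IFACE}" table "${TABLE}"
    return 0
}
```

The PREROUTING rule covers forwarded traffic and the OUTPUT rule covers mail sent from the router itself; drop whichever does not apply.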