On Sat, Aug 25, 2012 at 10:05:18AM -0500, Bruce Dubbs wrote:
> Ken Moffat wrote:
> >
> > Relatedly : for iptables, why isn't it a regular script in init.d ?
>
> That's the way I've always done it. When I added the section on setting
> up a firewall, I just used what I'd always done. There's the script
> /etc/init.d/iptables, but the script rc.iptables is, in a way,
> configuration. It doesn't really fit in either /etc/init.d or
> /etc/sysconfig. Other distros make what is rc.iptables into a
> configuration file by just removing the 'iptables' executable. I don't
> like that as it's an unneeded level of indirection.
>
I can understand the wish to avoid indirection. My initial problems
were in changing the script so that the necessary things could get
through,

> > And is there any interest in _different_ variants ? e.g. on this
> > (7.2 :) desktop I've got rules for ssh (if I started it), tcp and
> > udp if established or related, loopback, dns, ntp, icmp if related -
> > and I should also permit multicast.
>
> What you should have is a different discussion. I've never been able to
> get streaming radio to work over the internet and it may be because IP
> ports above 225 get blocked.
>
> -- Bruce

No, my only problem with multicast is that I get pairs of 'dropped'
messages spamming the log. At first, I only had iptables running on
the server, and at that time only used a desktop briefly. This week,
with iptables running on the desktop machine, I checked the log and
found the message. Then I checked the server's log and found some of
the same messages.

ĸen
--
once as tragedy, the other time as farce
