>>>>> Pascal Hambourg <[email protected]> writes:
>>>>> Ivan Shmakov wrote:
>>>>> Pascal Hambourg <[email protected]> writes:

 >>> Indeed.  My opinion is that only interface-specific action such as
 >>> creating interface-specific firewall rules should be performed in
 >>> /etc/network/if-*.d/ scripts,

 >> Huh?  Why one might need to put interface-specific scripts into
 >> non-interface-specific if-*.d/ directories?  Did you mean
 >> /etc/network/interfaces {pre,post}-{up,down} options here?

 > These scripts get interface parameters such as name, address, custom
 > options... defined in /etc/network/interface and thus can perform
 > interface-specific tasks while being versatile.

        Strangely, I cannot find where these directories are documented.
        Could you provide a pointer, please?

 >>> as well as in /etc/ppp/ip*.d/ scripts.

 >> ... Also, is there any good reason to change the firewall
 >> configuration as the interfaces are brought up and down at all?

 > Yes, when iptables rules need some parameters such as interface name,
 > address... which are variable.

        Any particular example to consider?

 > This is rather common for PPP interfaces.

        Well, yes, though I'd consider using the `unit' pppd(8) option
        to fix the interface name once and for all.

        It's likely that I'm missing something trivial here, but it
        somehow seems to me that at least the major part of the
        iptables(8) configuration is going to be static anyway.

-- 
FSF associate member #7257
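
The kind of hook discussed in the thread above, as an added example that is not part of the original message or of any package: a script for /etc/network/if-up.d/ that reads the interface parameters ifupdown exports in the environment and derives per-interface iptables rules from them. The file name, the `fw-tcp-ports` stanza option (seen by the script as `IF_FW_TCP_PORTS`) and the rule itself are assumptions; the script validates the values before using them and prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (hypothetical file name: /etc/network/if-up.d/50-firewall).
# ifupdown exports the stanza being configured to hook scripts:
# IFACE, ADDRFAM, METHOD, MODE, PHASE, and each option as IF_<OPTION>.
set -f   # no globbing: option values are split on whitespace only

# Accept only plausible interface names, so a value from the environment
# can never be read by iptables as an option or by a shell as syntax.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print one ACCEPT rule per TCP port for the given interface.
# Everything is validated first; nothing is printed if any value is bad.
build_rules() {
    iface=$1 ports=$2 out=
    valid_iface "$iface" || { echo "refusing interface name" >&2; return 1; }
    for p in $ports; do
        case "$p" in
            ''|*[!0-9]*) echo "refusing port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "port out of range: $p" >&2; return 1; }
        out="${out}iptables -A INPUT -i $iface -p tcp --dport $p -j ACCEPT
"
    done
    printf '%s' "$out"
}

# Act only when an IPv4 interface other than loopback is being brought up.
hook_main() {
    [ "$MODE" = start ] && [ "$ADDRFAM" = inet ] || return 0
    [ "$IFACE" = lo ] && return 0
    # IF_FW_TCP_PORTS comes from a hypothetical "fw-tcp-ports 22 443" line
    # in the interface's stanza in /etc/network/interfaces.
    build_rules "$IFACE" "$IF_FW_TCP_PORTS"
}

hook_main
```

A matching script in /etc/network/if-down.d/ would need to delete the same rules (`-D` in place of `-A`), otherwise they accumulate each time the interface comes back up.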

