On Sat, 28 Apr 2012 02:41:29 -0400
Tom H <[email protected]> wrote:

> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> <[email protected]> wrote:
> > Tom H wrote:
> >> On Fri, Apr 27, 2012 at 4:05 AM, Joe <[email protected]> wrote:
> >>>
> >>> But the save and restore commands only give you the iptables
> >>> rules, and you may want to do other network-related things when
> >>> the 'service' is started, such as loading conntrack modules for
> >>> unusual protocols.
> >>
> >> It's best to run an iptables script from
> >> "/etc/network/if-pre-up.d/".
> >
> > Only for the rules which are related to a specific interface.
> > Ruleset initialization should not be done from there.
>
> Why not? Is this documented somewhere? If not, from where should
> iptables rules be launched?
>
> "if-pre-up.d" is the only logical location (and it isn't tied to any
> particular NIC) for launching an iptables script since Debian ripped
> out "/etc/init.d/iptables".
>
> It's also the recommended location on the Debian wiki:
>
> http://wiki.debian.org/iptables
Which also mentions iptables-persistent.

--
Joe
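An added example, not part of the thread or of the Debian wiki: a hook for "/etc/network/if-pre-up.d/" that loads conntrack helper modules as well as the saved rules, and initializes the ruleset only once even though ifupdown runs the hook for every interface. The file name `firewall`, the stamp path, the rules path and the module list are assumptions.

```shell
#!/bin/sh
# Hypothetical /etc/network/if-pre-up.d/firewall (added example).
# ifupdown runs every script in this directory once per interface it
# brings up and exports PHASE (here "pre-up") and IFACE to the script.
# All three defaults below are assumptions; adjust them to the host.
RULES="${RULES:-/etc/iptables.up.rules}"   # file written by iptables-save
STAMP="${STAMP:-/run/firewall.loaded}"     # /run is cleared on reboot
MODULES="${MODULES:-nf_conntrack_ftp}"     # extra conntrack helpers to load

# Decide what this invocation should do.
# Prints "load" or "skip:<reason>" and never changes system state.
decide() {
    if [ -e "$STAMP" ]; then
        echo "skip:already-loaded"      # an earlier interface did the work
    elif [ ! -r "$RULES" ]; then
        echo "skip:no-rules-file"
    else
        echo "load"
    fi
}

# Load helper modules, then the ruleset. Needs root.
load_firewall() {
    for m in $MODULES; do
        modprobe "$m" || echo "firewall: could not load $m" >&2
    done
    # --test parses the file without committing it, so a syntax error
    # is reported before anything is changed.
    iptables-restore --test < "$RULES" || return 1
    iptables-restore < "$RULES" || return 1
    : > "$STAMP"
}

# Act only when called by ifupdown in the pre-up phase.
if [ "${PHASE:-}" = "pre-up" ]; then
    case "$(decide)" in
        load)
            # A non-zero status reports the failure back to ifup.
            load_firewall || exit 1
            ;;
        skip:no-rules-file)
            echo "firewall: $RULES not readable, no rules loaded" >&2
            ;;
    esac
fi
```

Because the stamp lives under /run, the ruleset is reloaded on the first interface after each boot; remove the stamp to force a reload after editing the rules file.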

