Hi,

>>>>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>>>> Only for the rules which are related to a specific interface.
>>>> Ruleset initialization should not be done from there.
>>>
>>> Why not?
>>
>> Because it makes no sense to re-initialize the ruleset every time an
>> interface is activated.
>>
>>> Is this documented somewhere? If not, from where should iptables
>>> rules be launched?
>>
>> Iptables should be initialized from an initscript run before networking.
>
> I agree, but until someone else pointed out that there was iptables-persistent
> for that, there was no packaged way of doing so.
>
> Until iptables-persistent was released in July 2009, there wasn't a packaged
> way of doing so, and using "/etc/network/if-pre-up.d/" was the recommended
> way, as documented in the Debian wiki.
I have been running iptables scripts for years but never ran them from
"/etc/network/if-pre-up.d/". In Debian I have always used the pre-up line in
the interfaces file; in RedHat I used the rc.local file or created my own Sxx
link in the rc.X directories to get it started before the network came up.

The other way to save/load iptables rules has been to use iptables-save and
iptables-restore (or something like it), which I have used in the old days when
there was RedHat 4.x (before it came to be known as Fedora) and so on.

Bonno

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
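The thread's point is that the ruleset should be built once, before any interface is brought up, rather than re-initialized from if-pre-up.d each time an interface comes up. The script below is an added example written for this page, not code from any poster or from iptables-persistent: it writes a default-deny ruleset in iptables-save format to a file and loads it with iptables-restore, which replaces the whole table in one atomic step, so running it twice is harmless and there is never a moment where the chain is half built. The directory /etc/iptables and the file name rules.v4 are assumptions (iptables-persistent's later convention), as is the interface name eth0 in the commented interfaces stanza.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: rules live in
# /etc/iptables/rules.v4; the interface in the commented stanza is eth0.
#
# To hook it the way Bonno describes, in /etc/network/interfaces:
#   auto eth0
#   iface eth0 inet dhcp
#       pre-up iptables-restore < /etc/iptables/rules.v4
# or, as the quoted reply recommends, call load_rules from an initscript
# that is ordered before networking, so interface up/down never resets the table.

# Emit a default-deny ruleset. Policy DROP on INPUT/FORWARD means anything
# not listed below is dropped even if a later rule is missing or mistyped.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Write the ruleset into $1/rules.v4 (mode 0600, since a rules file is as
# sensitive as the firewall itself) and print the path that was written.
install_rules() {
    dir=$1
    mkdir -p "$dir"
    umask 077
    gen_rules > "$dir/rules.v4"
    echo "$dir/rules.v4"
}

# Parse-check a rules file without touching the live table. Returns 0 when the
# syntax is accepted, or when iptables-restore is not installed (check skipped).
check_rules() {
    file=$1
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$file"
    else
        echo "iptables-restore not found; syntax check skipped" >&2
        return 0
    fi
}

# Load the file atomically. This is the only step that needs root; it is the
# one to run from the pre-networking initscript (or the pre-up line above).
load_rules() {
    iptables-restore < "$1"
}
```

Because iptables-restore commits the table as a unit, this is also the right shape for reload: edit rules.v4, run check_rules on it, then load_rules, instead of a script that flushes and re-adds rules one iptables call at a time and leaves the host open between the flush and the last rule.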

