On Sun, Apr 29, 2012 at 8:44 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Tom H wrote:
>> On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
>>> Iptables should be initialized from an initscript run before networking.
>>
>> I agree but until someone else pointed out that there was
>> iptables-persistent for that, there was no packaged way of doing so.
>
> Actually, the iptables package itself used to contain such facility. But
> it was removed in later versions.

I know. I've never understood why that facility was removed and am glad that someone's seen fit to package iptables-persistent to re-enable that facility.

>> Until iptables-persistent was released in July 2009, there wasn't a
>> packaged way of doing so and using "/etc/network/if-pre-up.d/" was the
>> recommended way, as documented in the Debian wiki.
>
> I am not going to argue endlessly about this, but IMO being mentioned
> in the Debian wiki does not make it "the recommended way".

Googling through Debian lists, I see that you've disliked "/etc/network/if-pre-up.d/" since its inception; and rightly so. But disliking the use of "/etc/network/if-pre-up.d/" for iptables doesn't mean that Debian isn't committed to it and that it isn't that way that we're expected to run iptables; although the existence of iptables-persistent has given us an option other than creating our own init script or using something more or less non-standard like the apf-firewall or arno-iptables-firewall packages (or any other iptables frontend; these are the two that I know of).