> Let me try explaining what is it that I find missing in Debian's > iptables setup: > > The most basic use case is for a sysadmin to configure rules and > expect them to survive reboot. This is the behavior he is familiar > with from nearly every enterprise FW device. Here, on Debian OTOH he's > instructed to script in /etc/network/if-pre-up.d to have the system > load iptables rule set on boot, reasonable except for the single issue > of him required to also _remember_ to iptables-save those rules on > each modification. I find this process error prone. The is not a > single utility (AFAIK) in Debian repository to automate this process.
I find the current behaviour much more intuitive for remote management, where all you have as a rollback in case of a wrong change. In this case, you just ask for simple remote-hands-and-eyes reboot of the server, and it is restored automatically to the last configuration, which was used last time you logged in. If you have console access, it's a different thing. I agree that, perhaps, a mid or low priority debconf option to change it to auto-save every change would be reasonable, as long as it is not a default. V. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
