Maxim,

On Sun, Nov 12, 2006 at 12:44:01PM +0300, Maxim Timofeyev wrote:

> In rc.local? Our /etc/rc.d/init.d/networks doesn't support vlan. ;(
> rc.local starts up after iptables and other...

Do you have any problems with that?  I doubt it.  Moreover, I think that
setting firewalling stuff _before_ network interfaces are brought up is
a good idea.  For example:

-bash-3.1# iptables -A INPUT -i eth123 -j ACCEPT
-bash-3.1# iptables -L INPUT -xv
Chain INPUT (policy ACCEPT 541 packets, 43553 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     0    --  eth123 any     anywhere             anywhere
-bash-3.1# ip add ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:44:04:98:e1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.77/24 brd 172.16.0.255 scope global eth0
-bash-3.1#

As you can see I have no eth123 device yet, but I could set the
appropriate iptables rule.

-- 
(GM)
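
Added example, not part of the original message: because iptables matches -i/-o by name only, a ruleset loaded before the interfaces exist can be audited for names that are still absent (not yet up, or mistyped). The function names, the sample ruleset and vlan10 are constructed for illustration; "eth+" is the iptables wildcard form.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# Print every interface name used with -i/-o in iptables-save text on stdin.
rule_ifaces() {
    awk '/^-A / {
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o" ||
                $i == "--in-interface" || $i == "--out-interface") {
                n = $(i + 1)
                if (n == "!") n = $(i + 2)   # old "-i ! eth0" negation form
                if (n != "") print n
            }
    }' | LC_ALL=C sort -u
}

# Print rule interfaces that match none of the interface names given as
# arguments. Live use: iptables-save | missing_ifaces $(ls /sys/class/net)
missing_ifaces() {
    rule_ifaces | while read -r want; do
        found=no
        for have in "$@"; do
            case $want in
                # trailing "+" matches any interface with that prefix
                *+) case $have in "${want%+}"*) found=yes ;; esac ;;
                *)  if [ "$want" = "$have" ]; then found=yes; fi ;;
            esac
        done
        if [ "$found" = no ]; then echo "$want"; fi
    done
}

# Constructed iptables-save output; eth123 is the rule from the message.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth123 -j ACCEPT
-A INPUT -i eth+ -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o vlan10 -j ACCEPT
COMMIT
EOF
}

# Host with only lo and eth0, as in the "ip add ls" output above.
sample_rules | missing_ifaces lo eth0
```

A name that stays in this list after all interfaces are up points to a rule that will never match.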
