Is there a canonical way of writing interface-specific iptables scripts? At the moment, I'm trying to write a couple of scripts with this behaviour to put in /etc/network/if[action].d/:

- when lo comes up, add an iptables rule
- when lo comes down, delete that same iptables rule

Other rules, ideally, would not be touched by that. The trouble is that iptables doesn't seem to have great support for this automated, rule-specific kind of operation. Individual rules can be deleted with -D, but only if you know the rule number which, as far as I can tell, you work out by running 'iptables -L' and counting the rules from the top of the chain.

So are people doing this kind of interface-specific iptables rules, and if so, how are you doing it? Is there a blessed way, or just a bunch of ways?

-Mary

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
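One way to get the add-on-up / delete-on-down behaviour asked about, as an added example that is not from the post or the list: keep the rule specification in one place and pass it unchanged to -A, -C and -D, so deletion matches the rule by its specification rather than by a counted position in the chain. It assumes an iptables that supports -C (check), the ifupdown convention that hooks in /etc/network/if-up.d/ and if-down.d/ receive IFACE and MODE (start/stop) in the environment, and a constructed placeholder rule (accept input on lo); the hook name lo-rule and the IPTABLES override variable are this example's own.

```shell
#!/bin/sh
# Hypothetical hook: install as /etc/network/if-up.d/lo-rule and symlink
# the same file into /etc/network/if-down.d/. ifupdown sets IFACE and
# MODE ("start" or "stop") for every hook it runs.

RULE_IFACE="${RULE_IFACE:-lo}"      # interface whose up/down we track
IPTABLES="${IPTABLES:-iptables}"     # overridable so the logic can be tested

# The single rule specification (constructed placeholder rule). Reused
# verbatim for -A, -C and -D so no rule numbers are ever counted.
rule_spec() {
    echo "INPUT -i $RULE_IFACE -j ACCEPT"
}

# Add the rule only if it is not already present; other rules untouched.
add_rule() {
    if "$IPTABLES" -C $(rule_spec) 2>/dev/null; then
        return 0                      # already there, nothing to do
    fi
    "$IPTABLES" -A $(rule_spec)
}

# Delete exactly that rule, and only if it exists.
del_rule() {
    if "$IPTABLES" -C $(rule_spec) 2>/dev/null; then
        "$IPTABLES" -D $(rule_spec)
    fi
}

# Act only for the configured interface, dispatching on ifupdown's MODE.
hook_main() {
    [ "$IFACE" = "$RULE_IFACE" ] || return 0
    case "$MODE" in
        start) add_rule ;;
        stop)  del_rule ;;
    esac
}

# Run the hook when invoked by ifupdown (IFACE set); stay quiet otherwise.
if [ -n "$IFACE" ]; then
    hook_main
fi
```

Running the hook twice on "start" adds the rule once, and "stop" on another interface leaves the chain alone, which is the property the post asks for.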
