On Wed, 2006-08-23 at 11:51 +1000, Mary Gardiner wrote:
> Is there a canonical way of writing interface specific iptables scripts?
>
> At the moment, I'm trying to write a couple of scripts with this
> behaviour to put in /etc/network/if[action].d/:
> - when lo comes up, add an iptables rule
> - when lo comes down, delete that same iptables rule
>
> Other rules, ideally, would not be touched by that.

Brainstorming follows.

Create a new chain, say lo-rules, with a default policy of RETURN. Jump to it at the appropriate place in your firewall script.

When lo comes up, add your iptables rule to the lo-rules chain.

When lo goes down, flush the lo-rules chain.

--
Pete

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
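
The dedicated-chain approach from the reply above, sketched as one ifupdown hook script. This is an added example, not code from the thread. Assumptions: the jump is placed in INPUT, the `-i lo -j ACCEPT` rule is a constructed placeholder for the real rule, and the function names and the `IPT` override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Install into /etc/network/if-up.d/ and /etc/network/if-down.d/.
# IPT may be overridden to substitute a wrapper or a test stub.
IPT="${IPT:-iptables}"
CHAIN="lo-rules"

# Call once from the main firewall script, at the point where the
# interface-specific rules should be evaluated (INPUT is an assumption).
lo_rules_setup() {
    # -N fails if the chain already exists; that is harmless here.
    $IPT -N "$CHAIN" 2>/dev/null || true
    # -C tests for the jump, so re-running the script adds no duplicate.
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -A INPUT -j "$CHAIN"
}

# Hook body: only the dedicated chain is modified, so rules in every
# other chain are left untouched. A packet that matches nothing in a
# user-defined chain returns to the calling chain.
lo_rules_hook() {
    iface="$1"
    mode="$2"
    [ "$iface" = "lo" ] || return 0
    case "$mode" in
        start)
            # Flush first so a repeated ifup does not stack duplicates.
            $IPT -F "$CHAIN"
            # Placeholder rule (constructed); substitute the real one.
            $IPT -A "$CHAIN" -i lo -j ACCEPT
            ;;
        stop)
            $IPT -F "$CHAIN"
            ;;
    esac
}

# ifupdown exports IFACE and MODE (start/stop) to hook scripts.
if [ -n "${IFACE:-}" ] && [ -n "${MODE:-}" ]; then
    lo_rules_hook "$IFACE" "$MODE"
fi
```

Because the down action is a flush of the dedicated chain, the hook never needs to know the exact rule text it added earlier.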
