cybercom at flightmare.net
Mon Mar 22 23:14:48 PST 2004
DJ Lucas wrote:
| Most times I think it wouldn't matter either way. You add a rule, then
| do a save (use the init script). Guess I'm a pessimist, but I'd rather
| have the same state that I know has been working for months on end. Keep
| in mind, however, I am not a current user. I'm just trying to provide my
| view of a possible pitfall before a commitment is made to a default.
| I've expressed that view, now I bow out to Jeremy and others who know a
| lot more about it than I.
|> Also remember that the format that iptables-restore uses would not
|> be the easiest to edit by hand, so use of my script would require
|> running iptables-save > /etc/firewall.conf.
| Or in the proposed script from before: /etc/rc.d/init.d/firewall save.
IMO restoring the old firewall only makes sense if you don't put in any
IP-specific rules. On my laptop it has different settings depending on
whether it is running at home or at university. So I think the best would
be adding a parameter to the config file for the ethernet device where
you can tell the firewall script to save the old config and reload it
on startup or not.