Firewall bootscript

CyberCom cybercom at flightmare.net
Mon Mar 22 23:14:48 PST 2004


DJ Lucas wrote:
|
| Most times I think it wouldn't matter either way.  You add a rule, then
| do a save (use the init script).  Guess I'm a pessimist, but I'd rather
| have the same state that I know has been working for months on end. Keep
| in mind, however, I am not a current user. I'm just trying to provide my
| view of a possible pitfall before a commitment is made to a default.
| I've expressed that view, now I bow out to Jeremy and others who know a
| lot more about it than I.
|
|>
|> Also remember that the format that iptables-restore uses would not exactly
|> be the easiest to edit by hand, so use of my script would require manually
|> running iptables-save > /etc/firewall.conf.
|>
|
| Or in the proposed script from before: /etc/rc.d/init.d/firewall save.

IMO restoring the old firewall only makes sense if you don't put in any
IP-specific rules. On my laptop it has different settings if it is
running at home or at university. So I think the best would be
adding a parameter to the config file for the ethernet device where
you can tell the firewall script to save the old config and reload it
on startup or not.

Pascal

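The per-interface switch proposed in the message above could look like the following sketch, which is an added example and not code from the thread or from the BLFS bootscripts. The `RESTORE_ON_BOOT` key, the config file layout and the function names are hypothetical; the example also goes a step further than the message by falling back to the static ruleset when the saved file is missing, world-writable, or fails `iptables-restore --test`.

```shell
#!/bin/sh
# Added example. RESTORE_ON_BOOT, the config layout and the function names
# are hypothetical, not taken from the BLFS bootscripts.

# Overridable so the decision logic can be exercised without root.
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}

# Print "yes" only if the interface config contains the exact line
# RESTORE_ON_BOOT=yes; a missing file or any other value means "no".
read_restore_flag() {
    if [ -r "$1" ] && grep -qx 'RESTORE_ON_BOOT=yes' "$1"; then
        echo yes
    else
        echo no
    fi
}

# Decide what the bootscript should load for one interface.
# $1 = interface config file, $2 = ruleset written by iptables-save.
# Prints "restore" (load the saved state) or "static" (load default rules).
firewall_boot_action() {
    conf=$1
    saved=$2

    # The interface opted out, e.g. a laptop that moves between networks.
    [ "$(read_restore_flag "$conf")" = yes ] || { echo static; return 0; }

    # Never restore from a missing or empty file.
    [ -s "$saved" ] || { echo static; return 0; }

    # Refuse a ruleset that any local user could have rewritten.
    [ -z "$(find "$saved" -prune -perm -0002)" ] || { echo static; return 0; }

    # Parse-only check: --test builds the ruleset without committing it.
    "$IPTABLES_RESTORE" --test < "$saved" >/dev/null 2>&1 \
        || { echo static; return 0; }

    echo restore
}

# Usage in a bootscript (paths are placeholders):
#   case "$(firewall_boot_action /path/to/eth0.conf /etc/firewall.conf)" in
#       restore) iptables-restore < /etc/firewall.conf ;;
#       static)  : load the hand-written default rules here ;;
#   esac
```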



More information about the blfs-dev mailing list