Ken Moffat zarniwhoop at ntlworld.com
Sat Aug 25 09:37:06 PDT 2012

On Sat, Aug 25, 2012 at 10:05:18AM -0500, Bruce Dubbs wrote:
> Ken Moffat wrote:
> >   Relatedly : for iptables, why isn't it a regular script in init.d ?
> That's the way I've always done it.  When I added the section on setting 
> up a firewall, I just used what I'd always done.  There's the script 
> /etc/init.d/iptables, but the script rc.iptables is, in a way, 
> configuration.  It doesn't really fit in either /etc/init.d or 
> /etc/sysconfig.  Other distros make what is rc.iptables into a 
> configuration file by just removing the 'iptables' executable.  I don't 
> like that as it's an unneeded level of indirection.

 I can understand the wish to avoid indirection.  My initial
problems were in changing the script so that the necessary things
could get through,

> > And is there any interest in _different_ variants ?  e.g. on this
> > (7.2 :) desktop I've got rules for ssh (if I started it), tcp and
> > udp if established or related, loopback, dns, ntp, icmp if related -
> > and I should also permit multicast.
> What you should have is a different discussion.  I've never been able to 
> get streaming radio to work over the internet and it may be because IP 
> ports above 225 get blocked.
>    -- Bruce

 No, my only problem with multicast is that I get pairs of 'dropped'
messages spamming the log.  At first, I only had iptables running on
the server, and at that time only used a desktop briefly.  This
week, with iptables running on the desktop machine, I checked the log
and found the message.  Then I checked the server's log and found
some of the same messages.
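The desktop ruleset Ken lists above (loopback, established/related tcp and udp, ssh when sshd runs, related icmp, and a decision about multicast), written out as an added example. It is not part of this message and not the LFS book's rc.iptables. It assumes iptables with the conntrack match and sshd on port 22; the DRY_RUN, ALLOW_SSH and MULTICAST variables and the ipt() wrapper are this example's own. The point it shows is the one behind the log spam: multicast never matches ESTABLISHED, so unless a rule for 224.0.0.0/4 sits above the LOG rule, every such packet is logged before the DROP policy eats it.

```shell
#!/bin/sh
# Added example, not the LFS book's rc.iptables.  A desktop INPUT chain for
# the rules discussed above, with multicast handled before the LOG rule.
# Assumptions: iptables with the conntrack match, sshd on port 22.
# DRY_RUN=1 prints the commands instead of running them (needs no root).

ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# MULTICAST=ACCEPT lets mDNS/SSDP style traffic in; the default (DROP)
# discards it quietly instead of logging it.
desktop_rules() {
    mcast_target="${MULTICAST:-DROP}"

    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT

    # loopback
    ipt -A INPUT -i lo -j ACCEPT

    # replies to connections this host opened (tcp and udp alike, so DNS
    # and NTP answers are covered), plus related traffic such as ICMP
    # errors for those connections
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # sshd, only if it is actually running on this host (ALLOW_SSH=1)
    if [ "${ALLOW_SSH:-0}" = 1 ]; then
        ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    fi

    # all IPv4 multicast: nothing above matches it, so decide here rather
    # than letting it fall through to the LOG rule
    ipt -A INPUT -d 224.0.0.0/4 -j "$mcast_target"

    # log what is left, rate limited, then the DROP policy takes it
    ipt -A INPUT -m limit --limit 3/min --limit-burst 10 \
        -j LOG --log-prefix "FW DROP: "
}

# only touch the kernel when explicitly asked: "sh rc.iptables apply"
if [ "${1:-}" = apply ]; then
    desktop_rules
fi
```

Review the result with `DRY_RUN=1 sh rc.iptables apply` before installing it; with `MULTICAST=ACCEPT` the same script permits multicast instead of discarding it, and either way the LOG rule no longer sees it.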

