Re: iptables start on boot
From: Ralph Crongeyer (ralph_at_crongeyer.com)
Date: 06/29/04
- Previous message: John Summerfield: "Re: raise user accounts max fd"
- In reply to: John Summerfield: "Re: iptables start on boot"
- Next in thread: CW Harris: "Re: iptables start on boot"
- Reply: CW Harris: "Re: iptables start on boot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 29 Jun 2004 10:14:52 -0400
To: John Summerfield <debian@ComputerDatasafe.com.au>
John Summerfield wrote:
> blm@woodheap.org wrote:
>
>> I recently installed debian testing (sarge) on a client's machine and am
>> trying to get the firewall to load on reboot. AFAIK there was a
>> /etc/init.d/iptables script in previous releases of debian but it doesn't
>> seem to be there anymore.
>>
>> Does this correspond to others' experiences? Has this script been replaced
>> with a different mechanism for starting iptables at boot time?
>>
>>
> The script has been superseded: I've not discovered by what: I'm not
> interested. The author clearly wasn't happy with it.
>
> Since you're asking I guess, like me, you're not entirely comfortable
> with rolling your own.
>
> I'm using shorewall on some Woody boxes. I just installed it on Sarge
> and decided it's going to take well over five minutes to configure.
> There _is_ a webmin module for it; I've not looked at it yet though.
>
> There are also other firewall packages: fwbuilder comes to mind.
>
>
Below is a previous discussion I had going on this list. Sorry if it's
not much help. :-)
It seems that nobody working with Debian is interested in a way to
handle this problem, as I got very little response to the issue. Anyway,
here is the e-mail/s.
Does anyone know if there is a plan to fix/address this before the next
release?
Also, could someone give me a copy of the old script
"/etc/init.d/iptables". I need a way to save my rules, as we all do.
Thanks.
Ralph
Darryl Luff wrote:
>On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
>
>
>>Darryl Luff wrote:
>>
>>
>>>Ralph Crongeyer wrote:
>>>
>>>
>>>>How does one save iptables rules in Debian "Unstable/SID"? I've tried
>>>>iptables-save and get some output with no errors, but when I reboot
>>>>all my rules are gone? Is there a "Debian way" of doing this? Rather
>>>>
>>>>
>...
>
>
>>>If you don't have the init scripts (which are apparently deprecated) I
>>>think the rules aren't automatically restored on reboot. In Testing at
>>>least there are some notes in /usr/share/doc/iptables/README.Debian.gz
>>>that show how to do it using ifupdown, which doesn't quite seem right
>>>to me unless you have separate per-interface rules, but on a single
>>>interface box I suppose it doesn't matter.
>>>
>>>
>>>
>>I guess it doesn't matter for a single interface but it hardly seems
>>like the best solution either. At least to me. It seems there used to be
>>a script in /etc/init.d/ called iptables to start and stop and save
>>rules. It's all over google. But that script doesn't exist on any of my
>>four SID boxes, unless it is provided by another package?
>>
>>
>>
>It's deprecated in current SID so the only machines that have it are ones that
>have been around for a while and been upgraded.
>
>
>
>>There must be a better way to handle this than ifupdown? Does anyone
>>know of plans to bring the script back? Or other plans for another
>>solution?
>>
>>
>>
>I don't know what the plan is. I don't like using ifupdown because you'd have
>to manage a separate rule script for each interface. But I've never liked
>the init.d script because I normally expect things in there to be actually
>starting daemons. But come to think of it that's not valid anyway.
>
>I think the logical place would be at the end of /etc/init.d/networking. It
>could look for /etc/network/firewall and run it if it existed. This is the
>file that sets up routing and anti-spoofing, and the firewall should be
>configured as soon as possible after the network comes up.
>
>Darryl.
>
>
Ralph
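
The approach discussed in the thread (a ruleset saved with iptables-save and restored through ifupdown, without keeping one rule script per interface), as an added example that is not part of the original messages or of any Debian package. The hook path /etc/network/if-pre-up.d/firewall, the rules file /etc/iptables.rules and the stamp file location are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /etc/network/if-pre-up.d/firewall   (mode 755)
# Rules are saved beforehand with:
#   iptables-save > /etc/iptables.rules
#
# ifupdown runs this hook for every interface it brings up. The stamp file
# makes the ruleset load once, for whichever interface comes first (normally
# lo), so there is a single ruleset instead of one script per interface.

RULES="${RULES:-/etc/iptables.rules}"        # assumed location of saved rules
STAMP="${STAMP:-/var/run/firewall.loaded}"   # assumed; must be emptied at boot
RESTORE="${RESTORE:-iptables-restore}"

load_firewall() {
    # An earlier interface already loaded the ruleset: do not reload it,
    # which would discard rules added at runtime since then.
    [ -e "$STAMP" ] && return 0

    # A missing or unreadable rules file is an error, not a silent no-op:
    # otherwise the box would come up unfiltered without anyone noticing.
    if [ ! -r "$RULES" ]; then
        echo "firewall: cannot read $RULES" >&2
        return 1
    fi

    # Only record success if the restore command accepted the file.
    if "$RESTORE" < "$RULES"; then
        : > "$STAMP"
    else
        echo "firewall: $RESTORE rejected $RULES" >&2
        return 1
    fi
}

# ifupdown sets IFACE for hook scripts; when the file is run or sourced
# outside ifupdown it only defines the function.
[ -z "${IFACE:-}" ] || load_firewall
```

After changing the live rules, run iptables-save again to update the file; removing the stamp file forces a reload the next time an interface is brought up.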