Richard Melville wrote:
>>
>> Richard Melville wrote:
>>> Can anybody tell me what the reason is for not using iptables-save and
>>> iptables-restore?
>>
>> You can use them if you want, but I don't see a use for them unless you
>> are doing some kind of dynamic control of the tables. It's better if
>> the admin knows what rules are being used and they can be easily
>> documented in rc.iptables.
>>
> Thanks Bruce, I can see the distinction now. I've created another file
> for iptables-save which I can use after experimenting dynamically with the
> iptables command. I can then copy across the relevant parts to the
> firewall script in /etc/rc.d/rc.iptables.
>
> What I don't understand is: when setting the kernel parameters why enabling
> or disabling *all* doesn't automatically affect *default*.

That's just the way it was programmed.

> Also, in the
> book only *default* is turned off in *accept-redirects* and not *all*,
> unlike the other parameters.

Maybe it should be. The script is just an example. Everyone will want to have a custom set of scripts for their own situation.

  -- Bruce
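The workflow described in the thread (experiment with the iptables command, dump with iptables-save, then copy the relevant parts into /etc/rc.d/rc.iptables) can be scripted. The following is an added example, not part of the original thread or of the BLFS book: the function names and the sample dump are constructed for illustration, and the function only prints commands for review, it applies nothing.

```shell
#!/bin/sh
# Added example: turn iptables-save output into plain iptables commands
# that can be reviewed and pasted into a script such as /etc/rc.d/rc.iptables.
# Reads the dump on stdin, writes commands on stdout; no rule is applied.
save_to_commands() {
    awk '
        /^#/ || /^COMMIT$/ || !NF { next }       # comments, COMMIT, blank lines
        /^\*/ { table = substr($0, 2); next }    # "*filter" selects the table
        /^:/ {                                   # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-") print "iptables -t " table " -N " chain
            else           print "iptables -t " table " -P " chain " " $2
            next
        }
        /^(\[[0-9]+:[0-9]+\] )?-A / {            # rule, optional counters
            sub(/^\[[0-9]+:[0-9]+\] /, "")       # drop counters from "-c" dumps
            print "iptables -t " table " " $0
            next
        }
        { print "# unhandled: " $0 }             # keep unexpected lines visible
    '
}

# Constructed sample in iptables-save format (not taken from the thread).
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "FW DROP: "
-A LOGDROP -j DROP
COMMIT
EOF
}

sample_dump | save_to_commands
```

On a live system the input would come from `iptables-save | save_to_commands`; the output keeps the dump's ordering, so policies and `-N` chain declarations precede the rules that reference them.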
