> Date: Sun, 9 Mar 2014 17:07:47 +0000
> From: Richard Melville <[email protected]>
> To: [email protected]
> Subject: Re: [blfs-support] iptables
> . .
> What I don't understand is: when setting the kernel parameters why enabling
> or disabling *all* doesn't automatically affect *default*. Also, in the
> book only *default* is turned off in *accept-redirects* and not *all*,
> unlike the other parameters.
>
Iirc, *generally* if you change a setting under 'all', then it affects all currently-active network interfaces dynamically - i.e. the settings take effect 'immediately': whereas if you change a setting under 'default', then the setting is picked up only by subsequently-activated interfaces (including any stop/start of a currently-active interface: hence it's common to set both 'all' and 'default', if you want new settings to take effect right now for active interfaces, _and_ have them still pick up the value (this time via 'default') if they are stop/started).

But really see the documentation re the particular commands/settings that you're wanting to work with - e.g. '/usr/src/linux/Documentation/networking/ip-sysctl.txt', or Oskar Andreasson's (old but still good) tutorial, or iptables' own docs - as there are variations; and generally as otherwise it's easy to create a firewall that isn't doing what one might think it's doing.

hth,
akh

--
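An added example, not part of the original message or the BLFS book: a POSIX shell function that reads one parameter from 'all', 'default' and every per-interface directory under /proc/sys/net/ipv4/conf and flags any entry that does not hold the value you meant to set, so the result is checked rather than assumed. The function names and the CONF_ROOT override are this example's own.

```shell
#!/bin/sh
# Added example: compare each conf/<name>/<param> entry with the intended value.
# CONF_ROOT can be overridden to point the functions at a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# audit_param PARAM WANT
# Prints one line per entry ("all", "default" and each interface).
# Returns 0 only if every entry holds WANT, 2 if no entry was found.
audit_param() {
    param="$1"; want="$2"; bad=0; seen=0
    for dir in "$CONF_ROOT"/*/; do
        f="${dir}${param}"
        [ -r "$f" ] || continue          # also skips an unmatched glob
        seen=$((seen + 1))
        name=$(basename "$dir")
        val=$(cat "$f")
        if [ "$val" = "$want" ]; then
            printf 'ok       %-10s %s=%s\n' "$name" "$param" "$val"
        else
            printf 'MISMATCH %-10s %s=%s (wanted %s)\n' \
                "$name" "$param" "$val" "$want"
            bad=$((bad + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no readable $param entries under $CONF_ROOT" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# mismatches PARAM WANT
# Prints the names of the entries that differ, each followed by a space.
mismatches() {
    audit_param "$1" "$2" 2>/dev/null |
        awk '$1 == "MISMATCH" { printf "%s ", $2 }'
}

# Stand-alone use: sh audit.sh accept_redirects 0
if [ "$#" -eq 2 ]; then
    audit_param "$1" "$2"
fi
```

Run it once after changing the settings and again after stopping and starting an interface, to see which entries actually picked up the value.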
