> On Sat, May 14, 2011 at 00:31, Bernd Zeimetz <be...@bzed.de> wrote:
> > to the network config in your /etc/network/interfaces and at the point when you
> > have a well working iptables config use
> > iptables-save > /etc/network/iptables.save

I go further: I run the iptables-save > /etc/network/iptables.rules only once, to create a skeleton, and after that I treat that file as primary source. I edit it as needed and "apply changes" with iptables-restore, which atomically replaces the whole set.

This seems more natural to me than treating the live system as primary source and "editing" that with iptables. (Text editors provide a much more natural interface than iptables does, for operations like renaming tables, reordering and grouping rules logically, and the like. Plus, I can add arbitrary comments.)

I wouldn't mind a 'pre-up iptables-restore /etc/network/iptables.rules' in the debian interfaces file by default ... but I don't expect it will ever happen (lots of people don't work the way I work), so I add it myself.

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/

Archive: http://lists.debian.org/20110517153012.ge20...@p12n.org
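
The "edit the file, then apply it with iptables-restore" workflow from the message above, as an added example that is not part of the original post: a structural lint of the hand-edited file, a parse-only pass with `iptables-restore --test`, then the real load. The function names, the `IPT_RESTORE` override and the sample ruleset are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint an iptables-save format file, then load it with iptables-restore.
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}   # overridable (assumption, eases testing)

# check_rules FILE: every "*table" section must end in COMMIT, and every
# -A/-I rule must name a chain that has a ":CHAIN" line in that section
# (iptables-save writes one for every chain, built-in ones included).
check_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^\*/ { if (open) { print "line " NR ": " table " has no COMMIT"; bad = 1 }
                table = $1; open = 1; split("", chains); next }
        !open { print "line " NR ": outside any *table section"; bad = 1; next }
        /^:/  { chains[substr($1, 2)] = 1; next }
        $1 == "COMMIT" { open = 0; next }
        ($1 == "-A" || $1 == "-I") && !($2 in chains) {
                print "line " NR ": chain " $2 " not declared in " table; bad = 1 }
        END   { if (open) { print table " has no COMMIT"; bad = 1 }
                exit bad + 0 }
    ' "$1"
}

# apply_rules FILE: lint, let iptables-restore parse without committing
# (--test), then load the whole ruleset in one iptables-restore run.
apply_rules() {
    check_rules "$1" || return 1
    "$IPT_RESTORE" --test < "$1" || return 2
    "$IPT_RESTORE" < "$1"
}

# sample_rules: constructed ruleset in iptables-save format (not from the post).
sample_rules() {
    cat <<'EOF'
# edited by hand; comments are allowed in this file
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-in - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ssh-in
-A ssh-in -j ACCEPT
COMMIT
EOF
}

if [ "$#" -gt 0 ]; then apply_rules "$1"; fi
```

Run as root with the rules file as the only argument; a lint or parse failure leaves the live ruleset untouched.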