Andrew Sackville-West wrote:
> On Tue, Oct 17, 2006 at 07:08:47PM -0500, cothrige wrote:
>> * Andrew Sackville-West ([EMAIL PROTECTED]) wrote:
>>> isn't iptables part of the kernel and therefore up by default when the
>>> kernel starts executing?
>>>
>>> A
>> Yes, iptables as far as I know is part of the kernel, but the rules
>> must be loaded. In Slackware I would create a script and put it in
>> rc.d to be loaded. I suppose that I could do something similar with
>> Debian, but would like to make sure that there is not some more
>> correct way to handle it first.
>
> right, okay, I understand. sorry. Yeah, there is surely some Debian
> way to do it. sorry, don't know it.
>
> A

Greetings Andres:

The "Debian" way to do it is to use the directories in /etc/network.
There are 4 directories:

    if-down.d
    if-post-down.d
    if-pre-up.d
    if-up.d

You put scripts into each of these folders, and then they are run when
each interface goes through one of these states.

You need to be careful with this for firewall rules - if your box has 3
interfaces and you put a script into if-up.d/ the script will be run
three times, once for each interface that is brought up. This can cause
your rules to be loaded repeatedly. You will probably want to include
if/then sections in your script to load rules based on the interface
being brought up.

A similar method (that might be a little easier for you to use for
loading iptables rules) involves using options similar to the
directories listed in the /etc/network/interfaces file. The following
directives are understood:

    pre-up
    up
    post-up
    pre-down
    down
    post-down

You would load your rules into a script and run the script using the up
command in one of your interfaces. The man page for interfaces can give
you the details.

Good Luck.

-Scott
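Added example, not part of the original message: a hook script for /etc/network/if-pre-up.d/ that applies the interface check described above, so the ruleset is loaded once even though ifupdown runs the script for every interface. The file name, the FW_* variables, the eth0 default and the /etc/iptables.rules path are assumptions made for illustration; IFACE is the variable ifupdown exports to these scripts.

```shell
#!/bin/sh
# Hypothetical hook: /etc/network/if-pre-up.d/iptables-load
# ifupdown runs every script in this directory once per interface
# and exports the name of that interface as $IFACE.

# Assumptions: which interface triggers the load, and where the
# ruleset (in iptables-save format) lives.
FW_IFACE="${FW_IFACE:-eth0}"
FW_RULES="${FW_RULES:-/etc/iptables.rules}"
# Loader command, overridable so the logic can be exercised
# without touching the live firewall.
FW_RESTORE="${FW_RESTORE:-iptables-restore}"

fw_hook() {
    iface="$1"

    # The if/then check: do nothing for lo, eth1, ... so a host with
    # three interfaces loads the rules once, not three times.
    [ "$iface" = "$FW_IFACE" ] || return 0

    # Report a missing ruleset with a non-zero status instead of
    # silently bringing the interface up without rules.
    if [ ! -r "$FW_RULES" ]; then
        echo "iptables-load: cannot read $FW_RULES" >&2
        return 1
    fi

    # Without --noflush, iptables-restore replaces the contents of
    # the tables in the file, so a reload does not stack duplicates.
    "$FW_RESTORE" < "$FW_RULES"
}

# Under ifupdown IFACE is set; run by hand with IFACE unset, this
# matches nothing and changes nothing.
fw_hook "${IFACE:-}"
```

The /etc/network/interfaces method from the message is the same load tied to one stanza, for example a `pre-up iptables-restore < /etc/iptables.rules` line under the chosen interface (same assumed path).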