Hi. On Mon, Aug 04, 2014 at 05:52:43PM +0300, Martin T wrote: > Hi, > > I made a very simple bash script which loads the iptables > configuration from /etc/firewall.conf and /etc/firewall6.conf files: > > # cat /etc/init.d/firewall > #!/bin/bash > > iptables-restore < /etc/firewall.conf > ip6tables-restore < /etc/firewall6.conf > # > > Script is stored in /etc/init.d/ directory, but I haven't configured > init to load this script directly. I use the pre-up option in > /etc/network/interfaces instead: > > # grep pre-up /etc/network/interfaces > pre-up /etc/init.d/firewall
It's better to move such script to /etc/network, as your script: a) Does not contain a customary LSB header, so it WILL confuse insserv(8) on next insserv invocation. b) Does not contain so much things usually put into init script that I even don't know where to begin. And, while we're it - your script does not contain anything bash-specific, so you can use '#!/bin/sh' as well. Also, I suggest you to take a look at this: https://packages.debian.org/wheezy/iptables-persistent > /etc/firewall.conf and /etc/firewall6.conf contain few simple > allow-rules to input chain and set default policies for chains in > input table to drop. The contents of those files would be welcome. I suspect that your current rules block lo interface that is most probably the source of the problem. And, do you really use NFS3? statd is needed for NFS versions 2 and 3 only. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140804163006.GA3283@x101h
