-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 31-Jul-2002/22:07 -0400, "C. Linus Hicks" <[EMAIL PROTECTED]> wrote: >On Wed, 2002-07-31 at 16:33, Anthony E. Greene wrote: >> >> On 31-Jul-2002/13:06 -0400, "C. Linus Hicks" <[EMAIL PROTECTED]> wrote: >> >I took a somewhat heavy handed approach to this. I modified the iptables >> >script in /etc/init.d to check for the existence of a shell script I >> >wrote to set the rules, and if it exists, run that rather than applying >> >the saved rules. Please note that modifications such as this will more >> >than likely get lost the next time you upgrade. It is also susceptible >> >to updates like initscripts. >> >> This is why I generally recommend creating a shell script that creates all >> firewall rules, then saves them using "service iptables save". You update >> the script, run it, and the changes are made and saved. The next time you >> reboot and/or restart iptables, the changes created by the custom shell >> script are re-applied as part of the normal initscript process. > >That doesn't solve the problem when the act of booting may cause a new >IP address to be assigned.
My script does not use the IP address of the external interface. It filters packets based on the interface they came in on. Any packet received on ppp0 is assumed to have come from the Internet. Tony - -- Anthony E. Greene <mailto:[EMAIL PROTECTED]%3E> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Messenger: TonyG05 HomePage: <http://www.pobox.com/~agreene/> Linux. The choice of a GNU generation <http://www.linux.org/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene <mailto:[EMAIL PROTECTED]> 0x6C94239D iD8DBQE9SN+8pCpg3WyUI50RAuhsAJ9A7VEvTC7bJu52A1nO96nRHXJnEgCgqGc0 G6u0dfA0s4uDMVeBYioeSl0= =EAZH -----END PGP SIGNATURE----- -- redhat-list mailing list Unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
