On Tue, May 1, 2012 at 4:29 AM, Chris Davies wrote:
> Tom H wrote:
>>
>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>
> Unless you're using NetworkManager, which after two years and offers of
> patches from the community, still doesn't support pre-up or post-down.
>
> (
Tom H wrote:
> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
Unless you're using NetworkManager, which after two years and offers of
patches from the community, still doesn't support pre-up or post-down.
(I've come across this recently with a situation where I want my mai
Tom H wrote:
>
> Googling through Debian lists, I see that you've disliked
> "/etc/network/if-pre-up.d/" since its inception; and rightly so.
I don't know what you've found, but you misunderstood: I do not dislike
/etc/network/if-*.d/.
> But disliking the use of "/etc/network/if-pre-up.d/" f
On Mon, Apr 30, 2012 at 04:47:30PM +0100, Jon Dowland wrote:
> On Mon, Apr 30, 2012 at 11:25:47AM -0400, Rob Owens wrote:
> > Well, it didn't take long to find the answer on the internet. Get your
> > firewall set up and then:
> >
> > iptables-save > /etc/iptables/rules
> >
> > I tested it and i
On Mon, Apr 30, 2012 at 11:25 AM, Rob Owens wrote:
> On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote:
>>
>> In the meantime, I'm trying out iptables-persistent. I have it installed
>> now,
>> but there is no manpage and nothing useful in /usr/share/doc. Time to
>> do some research...
On Mon, Apr 30, 2012 at 11:14 AM, Rob Owens wrote:
> I have tried to use /etc/network/if-pre-up.d on my laptop (which uses
> NetworkManager) and it does not load my iptables rules. But if I call
> my script manually, it will load properly. Is NetworkManager
> incompatible with /etc/network/if-
On Mon, Apr 30, 2012 at 9:27 AM, Jon Dowland wrote:
> On Mon, Apr 30, 2012 at 05:38:45AM -0400, Tom H wrote:
>>
>> …or using something more or less non-standard like the
>> apf-firewall or arno-iptables-firewall packages (or any other iptables
>> frontend; these are the two that I know of).
>
> uf
On Mon, Apr 30, 2012 at 11:25:47AM -0400, Rob Owens wrote:
> Well, it didn't take long to find the answer on the internet. Get your
> firewall set up and then:
>
> iptables-save > /etc/iptables/rules
>
> I tested it and it works!
What version of the package? It would appear the file should be r
On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote:
> I have tried to use /etc/network/if-pre-up.d on my laptop (which uses
> NetworkManager) and it does not load my iptables rules. But if I call
> my script manually, it will load properly. Is NetworkManager
> incompatible with /etc/networ
On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote:
> On Sat, Apr 28, 2012 at 01:15:52PM -0400, Tom H wrote:
> > On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg
> > wrote:
> > > Hello,
> > > Tom H wrote:
> > >> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> > >> wrote:
> > >>> To
On Sat, Apr 28, 2012 at 01:15:52PM -0400, Tom H wrote:
> On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg
> wrote:
> > Hello,
> > Tom H wrote:
> >> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> >> wrote:
> >>> Tom H wrote:
> It's best to run an iptables script from "/etc/network
On Mon, Apr 30, 2012 at 05:38:45AM -0400, Tom H wrote:
> …or using something more or less non-standard like the
> apf-firewall or arno-iptables-firewall packages (or any other iptables
> frontend; these are the two that I know of).
ufw is another which is quite simple for basic firewall needs.
-
On Sun, Apr 29, 2012 at 8:44 AM, Pascal Hambourg wrote:
> Tom H wrote:
>> On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg
>> wrote:
>>> Iptables should be initialized from an initscript run before networking.
>>
>> I agree but until someone else pointed out that there was
>> iptables-pers
On Sun, Apr 29, 2012 at 4:08 AM, Bonno Bloksma wrote:
>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
> Only for the rules which are related to a specific interface.
> Ruleset initialization should not be done from there.
Why not?
>>>
>>> Because it
Tom H wrote:
> On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg
> wrote:
>>
>> Iptables should be initialized from an initscript run before networking.
>
> I agree but until someone else pointed out that there was
> iptables-persistent for that, there was no packaged way of doing so.
Actuall
Hi,
> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
Only for the rules which are related to a specific interface.
Ruleset initialization should not be done from there.
>>>
>>> Why not?
>>
>> Because it makes no sense to re-initialize the ruleset every time an
On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg wrote:
> Hello,
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
>> wrote:
>>> Tom H wrote:
It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>>> Only for the rules which are related to a specific i
On Sat, Apr 28, 2012 at 3:40 AM, Joe wrote:
> On Sat, 28 Apr 2012 02:41:29 -0400
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
>> wrote:
>> > Tom H wrote:
>> >> On Fri, Apr 27, 2012 at 4:05 AM, Joe wrote:
>> >>>
>> >>> But the save and restore commands only give you the
On Thu, 26 Apr 12, 22:38:25, Joe wrote:
>
> The usual way to organise iptables rules is to have a script that runs
> as part of the boot sequence, usually also checking for the correct
> modules, starting IP forwarding, etc. It isn't a workaround to run it
> from an rc, how else do you think things
Hello,
Tom H wrote:
> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> wrote:
>> Tom H wrote:
>>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>> Only for the rules which are related to a specific interface. Ruleset
>> initialization should not be done from there
On Sat, 28 Apr 2012 02:41:29 -0400
Tom H wrote:
> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg
> wrote:
> > Tom H wrote:
> >> On Fri, Apr 27, 2012 at 4:05 AM, Joe wrote:
> >>>
> >>> But the save and restore commands only give you the iptables
> >>> rules, and you may want to do other net
On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg wrote:
> Tom H wrote:
>> On Fri, Apr 27, 2012 at 4:05 AM, Joe wrote:
>>>
>>> But the save and restore commands only give you the iptables rules, and
>>> you may want to do other network-related things when the 'service' is
>>> started, such as l
Tom H wrote:
> On Fri, Apr 27, 2012 at 4:05 AM, Joe wrote:
>>
>> But the save and restore commands only give you the iptables rules, and
>> you may want to do other network-related things when the 'service' is
>> started, such as loading conntrack modules for unusual protocols.
>
> It's best t
Hello,
Muhammad Yousuf Khan wrote:
> i run this command
>
> iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
>
> my client computers able to ping 8.8.4.4
>
> but when i "iptables --flush -t nat" it clear the table but my
> client can still ping the destination.
Do you mean
On Fri, Apr 27, 2012 at 4:05 AM, Joe wrote:
> On Fri, 27 Apr 2012 12:06:37 +0500
> Muhammad Yousuf Khan wrote:
>>
>> Thanks for the clearing my concept.
>> however i read some of the part via google that there is a file
>> /etc/network/iptables in Debian from where all the startup scripts run
>>
On Fri, 27 Apr 2012 12:06:37 +0500
Muhammad Yousuf Khan wrote:
> Thanks for the clearing my concept.
> however i read some of the part via google that there is a file
> /etc/network/iptables in Debian from where all the startup scripts run
> for FW. may be i didn't got the correct idea out of it.
On Fri, Apr 27, 2012 at 2:38 AM, Joe wrote:
> On Thu, 26 Apr 2012 14:13:28 +0500
> Muhammad Yousuf Khan wrote:
>
>> i run this command
>>
>> iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
>>
>> my client computers able to ping 8.8.4.4
>>
>> but when i "iptables --flush -t nat"
On Thu, 26 Apr 2012 14:13:28 +0500
Muhammad Yousuf Khan wrote:
> i run this command
>
> iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
>
> my client computers able to ping 8.8.4.4
>
> but when i "iptables --flush -t nat" it clear the table but my
> client can still ping the
i run this command
iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
my client computers able to ping 8.8.4.4
but when i "iptables --flush -t nat" it clear the table but my
client can still ping the destination.
i check "iptables-save" is shows that tables are empty.
i thought