On Sun, 2003-03-16 at 16:03, Jamin W. Collins wrote:
> On Sun, Mar 16, 2003 at 03:05:07PM +0100, Aaron Isotton wrote:
>
> > I use a shell script in /etc/init.d to configure my firewall
> > (iptables). Currently, it works as follows:
> >
> > - if it is called with "start", it checks for the existence of
> > $STORAGE_FILE; if it exists, it exits saying that the firewall is
> > already running, otherwise it writes the current iptables setup to
> > $STORAGE_FILE using iptables-save and sets up the firewall.
> >
> > - if it is called with "stop", it checks for the existence of
> > $STORAGE_FILE; if it doesn't exist, it exits saying that the firewall
> > isn't running, otherwise it restores the old firewall setting using
> > iptables-restore and deletes $STORAGE_FILE.
> >
> > My problem is: where should $STORAGE_FILE go?
>
> (snip)
>
> > I don't want to write a daemon (doing so I could check a pidfile for
> > staleness and delete $STORAGE_FILE if necessary), as it isn't
> > necessary; do you see any clean ways to solve this problem?
>
> Ditch the idea of iptables-save and iptables-restore. Create your script
> in such a way that it flushes all existing rules on startup and then
> builds all needed rules. If you'd like an example of how this is done
> take a look at my script (http://asgardsrealm.net/linux/firewall/).
Hmm. That's the way I did it before (before having all these great ideas
about iptables-save and iptables-restore). I don't very much like it, but
that's the only way to do it reasonably, as it seems.

Thanks.

Aaron Isotton [ http://www.isotton.com ]
-- 
My way of joking is to tell the truth. That's the funniest joke in the world.
    -- Muhammad Ali
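The flush-then-rebuild approach Jamin recommends, written out as an added example that is neither Aaron's script nor the one at the asgardsrealm.net URL. Because every run starts by wiping the filter, nat and mangle tables, the script carries no state between invocations and the $STORAGE_FILE question disappears: "start" is safe to repeat, and "stop" just flushes and reopens the default policies. The interface name (WAN=eth0), the small rule set, and the DRY_RUN mode that prints commands instead of executing them are assumptions added here so the generated rule list can be reviewed without root and without touching a live firewall.

```shell
#!/bin/sh
# Added example: an init.d-style firewall script that flushes and rebuilds
# the whole rule set on every start, so no saved state is ever needed.
# Assumptions (not from the thread): one external interface $WAN, IPv4 only,
# and a DRY_RUN=1 mode that echoes the iptables commands instead of running
# them, which is how the rule set is reviewed below.

IPTABLES=${IPTABLES:-iptables}
WAN=${WAN:-eth0}          # assumed external interface name
DRY_RUN=${DRY_RUN:-0}

# run: execute the command, or print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# flush_rules: drop every rule and user-defined chain in each table so the
# script never depends on what was loaded before it ran
flush_rules() {
    for table in filter nat mangle; do
        run "$IPTABLES" -t "$table" -F
        run "$IPTABLES" -t "$table" -X
    done
}

# open_policy: accept everything; this is the state "stop" leaves behind
open_policy() {
    run "$IPTABLES" -P INPUT ACCEPT
    run "$IPTABLES" -P FORWARD ACCEPT
    run "$IPTABLES" -P OUTPUT ACCEPT
}

# build_rules: default-deny inbound, then allow loopback, replies to our own
# connections, and new SSH sessions on the WAN interface; log the rest
build_rules() {
    run "$IPTABLES" -P INPUT DROP
    run "$IPTABLES" -P FORWARD DROP
    run "$IPTABLES" -P OUTPUT ACCEPT
    run "$IPTABLES" -A INPUT -i lo -j ACCEPT
    run "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPTABLES" -A INPUT -i "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    run "$IPTABLES" -A INPUT -i "$WAN" -j LOG --log-prefix "fw-drop: "
}

# start and stop are both "flush, then build": idempotent, no state file
firewall_start() { flush_rules; build_rules; }
firewall_stop()  { flush_rules; open_policy; }

# rule_count: number of iptables commands an action would issue, computed
# in dry-run mode inside a subshell so DRY_RUN does not leak out
rule_count() { ( DRY_RUN=1; "$1" ) | wc -l | tr -d ' '; }

if [ $# -gt 0 ]; then
    case "$1" in
        start)   firewall_start ;;
        stop)    firewall_stop ;;
        restart) firewall_stop; firewall_start ;;
        *)       echo "Usage: $0 {start|stop|restart}" >&2 ;;
    esac
fi
```

Running it as `DRY_RUN=1 sh firewall.sh start` prints the exact sequence of iptables commands the real start would issue, which is a convenient way to diff the intended rule set against `iptables -L -n` on the live box; the "start" and "stop" paths both begin with the same flush, which is what makes calling either one twice harmless.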