Re: iptables service with debian

2012-05-01 Thread Chris Davies
Tom H tomh0...@gmail.com wrote: It's best to run an iptables script from /etc/network/if-pre-up.d/. Unless you're using NetworkManager, which after two years and offers of patches from the community, still doesn't support pre-up or post-down. (I've come across this recently with a situation

Re: iptables service with debian

2012-05-01 Thread Tom H
On Tue, May 1, 2012 at 4:29 AM, Chris Davies chris-use...@roaima.co.uk wrote: Tom H tomh0...@gmail.com wrote: It's best to run an iptables script from /etc/network/if-pre-up.d/. Unless you're using NetworkManager, which after two years and offers of patches from the community, still doesn't

Re: iptables service with debian

2012-04-30 Thread Tom H
On Sun, Apr 29, 2012 at 4:08 AM, Bonno Bloksma b.blok...@tio.nl wrote: It's best to run an iptables script from /etc/network/if-pre-up.d/. Only for the rules which are related to a specific interface. Ruleset initialization should not be done from there. Why not? Because it makes no sense

Re: iptables service with debian

2012-04-30 Thread Tom H
On Sun, Apr 29, 2012 at 8:44 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Iptables should be initialized from an initscript run before networking. I agree but until someone else pointed

Re: iptables service with debian

2012-04-30 Thread Jon Dowland
On Mon, Apr 30, 2012 at 05:38:45AM -0400, Tom H wrote: …or using something more or less non-standard like the apf-firewall or arno-iptables-firewall packages (or any other iptables frontend; these are the two that I know of). ufw is another which is quite simple for basic firewall needs. --

Re: iptables service with debian

2012-04-30 Thread Rob Owens
On Sat, Apr 28, 2012 at 01:15:52PM -0400, Tom H wrote: On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Hello, Tom H wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: It's best to run an iptables

Re: iptables service with debian

2012-04-30 Thread Rob Owens
On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote: On Sat, Apr 28, 2012 at 01:15:52PM -0400, Tom H wrote: On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Hello, Tom H wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg

Re: iptables service with debian

2012-04-30 Thread Jon Dowland
On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote: I have tried to use /etc/network/if-pre-up.d on my laptop (which uses NetworkManager) and it does not load my iptables rules. But if I call my script manually, it will load properly. Is NetworkManager incompatible with

Re: iptables service with debian

2012-04-30 Thread Jon Dowland
On Mon, Apr 30, 2012 at 11:25:47AM -0400, Rob Owens wrote: Well, it didn't take long to find the answer on the internet. Get your firewall set up and then: iptables-save /etc/iptables/rules I tested it and it works! What version of the package? It would appear the file should be

Re: iptables service with debian

2012-04-30 Thread Tom H
On Mon, Apr 30, 2012 at 9:27 AM, Jon Dowland j...@debian.org wrote: On Mon, Apr 30, 2012 at 05:38:45AM -0400, Tom H wrote: …or using something more or less non-standard like the apf-firewall or arno-iptables-firewall packages (or any other iptables frontend; these are the two that I know of).

Re: iptables service with debian

2012-04-30 Thread Tom H
On Mon, Apr 30, 2012 at 11:14 AM, Rob Owens row...@ptd.net wrote: I have tried to use /etc/network/if-pre-up.d on my laptop (which uses NetworkManager) and it does not load my iptables rules.  But if I call my script manually, it will load properly.  Is NetworkManager incompatible with

Re: iptables service with debian

2012-04-30 Thread Tom H
On Mon, Apr 30, 2012 at 11:25 AM, Rob Owens row...@ptd.net wrote: On Mon, Apr 30, 2012 at 11:14:36AM -0400, Rob Owens wrote: In the meantime, I'm trying out iptables-persistent.  I have it installed now, but there is no manpage and nothing useful in /usr/share/doc.  Time to do some

Re: iptables service with debian

2012-04-30 Thread Rob Owens
On Mon, Apr 30, 2012 at 04:47:30PM +0100, Jon Dowland wrote: On Mon, Apr 30, 2012 at 11:25:47AM -0400, Rob Owens wrote: Well, it didn't take long to find the answer on the internet. Get your firewall set up and then: iptables-save /etc/iptables/rules I tested it and it works!

Re: iptables service with debian

2012-04-30 Thread Pascal Hambourg
Tom H wrote: Googling through Debian lists, I see that you've disliked /etc/network/if-pre-up.d/ since its inception; and rightly so. I don't know what you've found, but you misunderstood: I do not dislike /etc/network/if-*.d/. But disliking the use of /etc/network/if-pre-up.d/ for

Re: iptables service with debian

2012-04-29 Thread Pascal Hambourg
Tom H wrote: On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Iptables should be initialized from an initscript run before networking. I agree but until someone else pointed out that there was iptables-persistent for that, there was no packaged way of

RE: iptables service with debian

2012-04-29 Thread Bonno Bloksma
Hi, It's best to run an iptables script from /etc/network/if-pre-up.d/. Only for the rules which are related to a specific interface. Ruleset initialization should not be done from there. Why not? Because it makes no sense to re-initialize the ruleset every time an interface is

Re: iptables service with debian

2012-04-28 Thread Tom H
On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: On Fri, Apr 27, 2012 at 4:05 AM, Joe j...@jretrading.com wrote: But the save and restore commands only give you the iptables rules, and you may want to do other network-related things when the

Re: iptables service with debian

2012-04-28 Thread Joe
On Sat, 28 Apr 2012 02:41:29 -0400 Tom H tomh0...@gmail.com wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: On Fri, Apr 27, 2012 at 4:05 AM, Joe j...@jretrading.com wrote: But the save and restore commands only give you the iptables

Re: iptables service with debian

2012-04-28 Thread Pascal Hambourg
Hello, Tom H wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: It's best to run an iptables script from /etc/network/if-pre-up.d/. Only for the rules which are related to a specific interface. Ruleset initialization should not be done

Re: iptables service with debian

2012-04-28 Thread Andrei POPESCU
On Jo, 26 apr 12, 22:38:25, Joe wrote: The usual way to organise iptables rules is to have a script that runs as part of the boot sequence, usually also checking for the correct modules, starting IP forwarding, etc. It isn't a workaround to run it from an rc, how else do you think things are

Re: iptables service with debian

2012-04-28 Thread Tom H
On Sat, Apr 28, 2012 at 3:40 AM, Joe j...@jretrading.com wrote: On Sat, 28 Apr 2012 02:41:29 -0400 Tom H tomh0...@gmail.com wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: On Fri, Apr 27, 2012 at 4:05 AM, Joe j...@jretrading.com wrote:

Re: iptables service with debian

2012-04-28 Thread Tom H
On Sat, Apr 28, 2012 at 4:30 AM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Hello, Tom H wrote: On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Tom H wrote: It's best to run an iptables script from /etc/network/if-pre-up.d/. Only for the rules which

Re: iptables service with debian

2012-04-27 Thread Muhammad Yousuf Khan
On Fri, Apr 27, 2012 at 2:38 AM, Joe j...@jretrading.com wrote: On Thu, 26 Apr 2012 14:13:28 +0500 Muhammad Yousuf Khan sir...@gmail.com wrote: I run this command iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE and my client computers are able to ping 8.8.4.4, but when I iptables

Re: iptables service with debian

2012-04-27 Thread Joe
On Fri, 27 Apr 2012 12:06:37 +0500 Muhammad Yousuf Khan sir...@gmail.com wrote: Thanks for clearing up my concept. However, I read somewhere via Google that there is a file /etc/network/iptables in Debian from where all the startup scripts run for the FW. Maybe I didn't get the correct

Re: iptables service with debian

2012-04-27 Thread Tom H
On Fri, Apr 27, 2012 at 4:05 AM, Joe j...@jretrading.com wrote: On Fri, 27 Apr 2012 12:06:37 +0500 Muhammad Yousuf Khan sir...@gmail.com wrote: Thanks for clearing up my concept. However, I read somewhere via Google that there is a file /etc/network/iptables in Debian from where all

Re: iptables service with debian

2012-04-27 Thread Pascal Hambourg
Hello, Muhammad Yousuf Khan wrote: I run this command iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE and my client computers are able to ping 8.8.4.4, but when I iptables --flush -t nat it clears the table but my client can still ping the destination. Do you mean that the

Re: iptables service with debian

2012-04-27 Thread Pascal Hambourg
Tom H wrote: On Fri, Apr 27, 2012 at 4:05 AM, Joe j...@jretrading.com wrote: But the save and restore commands only give you the iptables rules, and you may want to do other network-related things when the 'service' is started, such as loading conntrack modules for unusual protocols.

iptables service with debian

2012-04-26 Thread Muhammad Yousuf Khan
I run this command iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE and my client computers are able to ping 8.8.4.4, but when I iptables --flush -t nat it clears the table but my client can still ping the destination. I check iptables-save and it shows that the tables are empty. I thought

Re: iptables service with debian

2012-04-26 Thread Joe
On Thu, 26 Apr 2012 14:13:28 +0500 Muhammad Yousuf Khan sir...@gmail.com wrote: I run this command iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE and my client computers are able to ping 8.8.4.4, but when I iptables --flush -t nat it clears the table but my client can still