From: Patrick Schaaf <bof@bof.de>
To: Arch Harris <netfilter02@jah.cs.jmu.edu>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: /etc/sysconfig/iptables format
Date: Sun, 24 Nov 2002 11:40:18 +0100
Message-ID: <20021124104018.GC14672@oknodo.bof.de>
In-Reply-To: <Pine.LNX.4.44.0211200005530.5235-100000@azalea.cs.jmu.edu>
Hi Arch,

[regarding iptables-save format]

> I realize the syntax follows the iptables command arguments. But there
> are some differences. Things like: *filter, COMMIT, etc. I think
> I have figured most of this stuff out, but a man page and/or HOWTO
> chapter describing the file format sure would be nice.

I agree to the need for docs (do you volunteer writing them?), if, and
only if, at the same time, future compatibility promises regarding the
format, are carefully formulated. I'd propose "can change completely
any time soon when the new pkttables replaces the current mess that
is iptables". To Harald Welte: would that be an appropriate formulation?

As far as I know, the format was never intended for end user usage,
and distributions (redhat, in your case, right?) were wrong basing
their operation on it. At least the Debian maintainers seem to be
aware of that fact, as the comments in the relevant startup scripts
basically say not to use or rely on them (my information stemming
from the Woody distribution of Debian.)

Personally, I write my iptables "templates" in the traditional shell
script form, executing anew on each boot, and when I need to change
the rules, I change the scripts, and rerun "init.d/xxx start".
Sometimes, first I prototype the change by modifying the running
ruleset. Never do I use save/restore. The lack of structure and
comments alone, is reason enough for me to avoid going that route.

best regards
Patrick