From: Alistair Tonner <Alistair@nerdnet.ca>
To: netfilter@lists.netfilter.org
Subject: Re: Saving IPTable rules..oops
Date: Wed, 29 Dec 2004 19:08:36 -0500 [thread overview]
Message-ID: <200412291908.37162.Alistair@nerdnet.ca> (raw)
In-Reply-To: <1104359353.1972.40.camel@localhost>
On December 29, 2004 05:29 pm, John A. Sullivan III wrote:
> On Wed, 2004-12-29 at 15:15, R. DuFresne wrote:
> <snip>
>
> > > > Jason
> > >
> > > The way I've typically seen it work is that the init.d/iptables script
> > > calls iptables-restore and passes it the /etc/sysconfig/iptables file.
> > > This file is written when you do init.d/iptables save.
> >
> > perhaps on redhat and debian, and maybe suse systems that have moved away
> > from the standard upon which linux was formed, namely bsd. Those dists
> > that retain their bsd layouts have no /etc/init.d directory, everything
> > lies under /etc/rc.d/. They also lack the red-hat layout of a
> > /etc/sysconfig/ directory. And it's a shame things are seperating out in
> > the linux world like this as many of the tools and toys bewing created
> > either conform to the new redhat layouts or follow older established
> > standards. Thus, some tools that have been coming out the past few years
> > are only good under redhat or debian or suse, and fail to function if
> > they compile at all, without being hacked prior to a make, and sometimes
> > my skills are not enough to hack them into compiling at all uunder a
> > different, more standard dist. <sigh>
> >
> >
> > Thanks,
> >
> > Ron DuFresne
>
> Thanks for pointing that out, Ron. I was going to mention it but then
> thought it would just muddy the waters. We use both SYSV and BSD style
> scripts in the ISCS project. The iptables script in the rc directories
> can still call iptables-restore and reference an iptables file. That's
> what we typically do. If I recall correctly, isn't there also a step in
> BSD style initiations that can call SYSV style scripts? I thought I
> recalled seeing that on Slackware - John
And just to confuse things a tad Distro's like Gentoo /etc/inid.d/iptables
calls iptables-save iptables-restore directly and uses params
in /etc/conf.d/iptables to locate the file to feed into or out of
iptables-save/iptables-restore.
And if you are slightly insane as I am, you've modified the save
function to keep x number of copies of the file in compressed format
somewhere.
What me paranoid?
Alistair
next prev parent reply other threads:[~2004-12-30 0:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-29 18:03 Saving IPTable rules..oops Jason Williams
2004-12-29 18:23 ` Deepak Seshadri
2004-12-30 20:39 ` Jason Williams
2004-12-30 20:52 ` Deepak Seshadri
2004-12-30 21:38 ` Jason Williams
2004-12-30 22:09 ` John A. Sullivan III
2004-12-29 18:32 ` John A. Sullivan III
2004-12-29 20:15 ` R. DuFresne
2004-12-29 20:29 ` Jason Opperisano
2004-12-30 6:33 ` R. DuFresne
2004-12-29 20:30 ` Les Mikesell
2004-12-29 22:29 ` John A. Sullivan III
2004-12-30 0:08 ` Alistair Tonner [this message]
2004-12-30 6:45 ` R. DuFresne
2004-12-29 18:35 ` John A. Sullivan III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200412291908.37162.Alistair@nerdnet.ca \
--to=alistair@nerdnet.ca \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.