Linux Netfilter discussions
From: Chris Brenton <cbrenton@chrisbrenton.org>
To: Gilles Yue <gyue@novelgmt.intnet.mu>
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables scripts
Date: 31 Oct 2003 07:12:40 -0500
Message-ID: <1067602360.1137.58.camel@valhalla>
In-Reply-To: <83055D4B014C9E478D2F04624B9E82CFD48C@noveldc.novelgmt.mu>

On Fri, 2003-10-31 at 06:25, Gilles Yue wrote: 
> 
> What is the difference between saving iptables rules by typing
> /sbin/service save and putting it in a script which executes when the
> pc is restarted?

IMHO this is a personal preference thing. Some people prefer to use the
save/restore scripts. Some people (like myself) prefer to write their
own shell script. It's all a matter of personal preference.

For me, I just find working with a shell script easier. I typically
remotely manage my firewalls. I find it easier to vi a file rather than
work from the command line (you are also less likely to shoot yourself
in the foot by messing up your rules and blocking your remote session.
Been there, done that ;-). I also like being able to add in additional
functionality like variables, do loops, etc. Your mileage may vary.

> Secondly, if you were to put all your firewall rules in a script,
> where (on which path) would you put it to have it executed when the
> machine reboots.

Again this is somewhat personal choice. I create /root/firewall and
place all my firewall related scripts in there. You could put it in
something like /usr/local/sbin, but now you have a longer path to type
(ya I know, I'm *very* lazy ;-) and other unrelated files to contend
with in the same directory. 

HTH,
C
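
The script style and the remote-lockout risk mentioned in the message above, sketched as an added example (not part of the original message and not the poster's own script). The addresses, interface name, port list, /sbin/iptables path and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Addresses, interface and ports are constructed sample values.
IPT="${IPT:-/sbin/iptables}"   # assumed binary path
ADMIN_NET="192.0.2.0/24"       # network the remote management session comes from
WAN_IF="eth0"
TCP_SERVICES="25 80 443"       # public services, one rule each via the loop below

# Issue every rule through $IPT so the same function can apply or dry-run.
load_rules() {
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -s "$ADMIN_NET" -p tcp --dport 22 -j ACCEPT
    for port in $TCP_SERVICES; do
        $IPT -A INPUT -i "$WAN_IF" -p tcp --dport "$port" -j ACCEPT
    done
    # Default-deny goes last, after the management rule is already loaded.
    $IPT -P INPUT DROP
}

# Print the commands instead of running them.
dry_run() {
    ( IPT="echo iptables"; load_rules )
}

# Read a dry run on stdin; succeed only if SSH from ADMIN_NET is accepted
# before the first command that drops or rejects INPUT traffic.
check_lockout() {
    awk -v net="$ADMIN_NET" '
        / INPUT / && / (DROP|REJECT)$/ { exit }
        / -A INPUT / && index($0, " -s " net " ") && / --dport 22 / && / -j ACCEPT$/ { ok = 1; exit }
        END { exit !ok }'
}

# Apply only when the dry run passes the check.
apply_rules() {
    if dry_run | check_lockout; then
        load_rules
    else
        echo "refusing to load: management SSH rule missing or too late" >&2
        return 1
    fi
}
```

Calling apply_rules as root from the boot-time script loads the rules; dry_run on its own shows what would be issued without touching the running firewall.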