Did you try to use your iptables script in post-up / pre-down hooks in
/etc/network/interfaces? I think it is the best solution for that.
Regards,
> Did you try to use your iptables script in post-up / pre-down hooks in
> /etc/network/interfaces? I think it is the best solution for that.
But I have to disagree with you: once the network environment
changes, that is, say the machine is out of a net, then the file
running will cease at the interface initialization (or whatever), and that
will end up with the firewall not started at all. That can be dangerous in
cases where:
a) there are rules for internal program communications (that is, within
the machine);
b) a modem connection is established: the machine will be just
uncovered for the net (?Internet).
Personally, I advise the topic author to make a script and have it
run from some /etc/rcN.d, with a small number after the S. Then the
firewall will be launched independently of what the current network
environment is. The disadvantage is that there is a time between the actual
interface initialization moment and the moment the iptables rules are
applied.
Please correct me if I'm wrong.
Seems like a Gnome bug?
As a last resort, I would add the '-x' option to #!/bin/sh and then see
where the server hangs ... I know this is not the best option.
Regards,
OK, it was only my suggestion; I don't have a strong opinion about it
(thanks for your time and opinion too).
>
> Personally, I advise the topic author to make a script and have it
> run from some /etc/rcN.d, with a small number after the S. Then the
> firewall will be launched independently of what the current network
> environment is. The disadvantage is that there is a time between the actual
> interface initialization moment and the moment the iptables rules are
> applied.
>
I don't like adding a local init script to a Debian system. Perhaps
it is better to add the iptables rules to /etc/rc.local.
Regards,
>[...]
> 1) First I removed the network-manager, to be sure, it doesn't do
> anything:
>
> apt-get remove --purge -y network-manager-gnome
> network-manager-openvpn-gnome network-manager-pptp-gnome
> network-manager-vpnc-gnome
>
This looks to me like you removed the Gnome tray applet for NetworkManager
and other Gnome bits but not the network-manager package itself. Is that
what you were intending?
>[...]