On Tue, Aug 11, 2009 at 2:16 PM, Ivan Shmakov <oneingray@gmail.com> wrote:
Sure. However, Lenny doesn't load the scripts.
In my case, the gateway got three NICs, one for internet, one for DMZ and one for LAN inside. Loading the iptables once is enough for all.
So, one instance of
pre-up /etc/network/if-pre-up.d/iptables
is enough.
>>>>> Kinglok, FONG <busywater@gmail.com> writes:[...]
>>>>> Jonathan Yu <jonathan.i.yu@gmail.com> wrote:
Did you set the execute permission on the script?
> Thank you Jonathan for writing the nice blog article and it works.
> But it requires some customization in Debian Lenny.
> For some reason, the script in /etc/network/if-pre-up.d/ doesn't load
> up by default.
# chmod +x /etc/network/if-pre-up.d/SCRIPTNAMEHERE
>> I apparently used /etc/network/if-pre-up.d (I can't remember the
>> reasoning why, but I guess it's useful to make sure you load the
>> rules prior to bringing the interfaces up, which means the rules
>> will be there once network connectivity is brought up)
> You have to explicitly call it from /etc/network/interfaces like:[...]
> auto eth0
> iface eth0 inet static
> pre-up /etc/network/if-pre-up.d/iptables
It somewhat defeats its advantage of /not/ having it mentioned
for each of the host's interfaces.
auto eth0 eth1 ...
iface eth0 inet static
    ...
    pre-up /etc/network/if-pre-up.d/iptables
iface eth1 inet static
    ...
    pre-up /etc/network/if-pre-up.d/iptables
...
[...]
--
FSF associate member #7257
--
Personal Webpage: http://kinglok.org
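
An added example, not part of the thread: it checks a hook directory for the two conditions under which a script is skipped (no execute bit, or a file name outside the accepted character set) and lists the stanzas that call a hook explicitly with pre-up. It assumes ifupdown runs the directory through run-parts with its default name filter; the scratch directory and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: ifupdown runs hook
# directories through run-parts with its default file-name filter.
LC_ALL=C; export LC_ALL

# audit_hooks DIR: print "ok|not-executable|bad-name NAME" for each file.
audit_hooks() {
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            # run-parts only accepts letters, digits, "_" and "-"
            *[!A-Za-z0-9_-]*) echo "bad-name $name" ;;
            *)  if [ -x "$path" ]; then echo "ok $name"
                else echo "not-executable $name"; fi ;;
        esac
    done
}

# explicit_preup FILE DIR: print "IFACE COMMAND" for every stanza in an
# interfaces(5) file that calls a script under DIR with pre-up.
explicit_preup() {
    awk -v dir="$2" '
        $1 == "iface" { cur = $2 }
        $1 == "pre-up" && index($2, dir "/") == 1 { print cur, $2 }
    ' "$1"
}

# Constructed sample data in a scratch directory (hypothetical file names).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
hooks="$demo/if-pre-up.d"
mkdir "$hooks"
for f in iptables iptables.sh fwrules; do
    printf '#!/bin/sh\n' > "$hooks/$f"
    chmod 644 "$hooks/$f"
done
chmod +x "$hooks/iptables" "$hooks/iptables.sh"   # fwrules stays 0644
cat > "$demo/interfaces" <<EOF
auto eth0 eth1
iface eth0 inet static
    pre-up $hooks/iptables
iface eth1 inet static
EOF

audit_hooks "$hooks"
explicit_preup "$demo/interfaces" "$hooks"
```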