Monday, August 10, 2009

Re: /etc/init.d/iptables

>>>>> Kinglok, FONG <busywater@gmail.com> writes:
>>>>> Jonathan Yu <jonathan.i.yu@gmail.com> wrote:

[...]

> Thank you Jonathan for writing the nice blog article and it works.
> But it requires some customization in Debian Lenny.

> For some reason, the script in /etc/network/if-pre-up.d/ doesn't load
> up by default.

Did you set the execute permission on the script?

# chmod +x /etc/network/if-pre-up.d/SCRIPTNAMEHERE

>> I apparently used /etc/network/if-pre-up.d (I can't remember the
>> reasoning why, but I guess it's useful to make sure you load the
>> rules prior to bringing the interfaces up, which means the rules
>> will be there once network connectivity is brought up)

> You have to explicitly call it from /etc/network/interfaces like:

> auto eth0
> iface eth0 inet static
[...]
> pre-up /etc/network/if-pre-up.d/iptables

It somewhat defeats its advantage of /not/ having it mentioned
for each of the host's interfaces.

    auto eth0 eth1 ...
    iface eth0 inet static
        ...
        pre-up /etc/network/if-pre-up.d/iptables
    iface eth1 inet static
        ...
        pre-up /etc/network/if-pre-up.d/iptables
    ...

[...]

--
FSF associate member #7257
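
The execute-permission question above points at the usual reason a hook in /etc/network/if-pre-up.d never fires: ifupdown runs that directory through run-parts, which silently skips files that are not executable or whose names contain characters outside letters, digits, "_" and "-". The following check is an added example, not part of the original message; the function name audit_hooks, the script name in the usage comment and the extra write-permission check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which entries of an ifupdown hook directory
# run-parts(8) would execute, and which it would silently skip.
# Returns 0 if all entries are fine, 1 on any finding, 2 if dir is missing.
audit_hooks() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    for path in "$dir"/*; do
        [ -e "$path" ] || continue      # empty directory: glob matched nothing
        name=${path##*/}
        case $name in
            *[!A-Za-z0-9_-]*)
                # Default run-parts naming rule: letters, digits, "_" and "-" only,
                # so "iptables.sh" or an editor backup "iptables~" is never run.
                echo "SKIPPED $name: name not accepted by run-parts"
                rc=1; continue ;;
        esac
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            echo "SKIPPED $name: not an executable file (needs chmod +x)"
            rc=1; continue
        fi
        # Hooks run as root: flag scripts that group or others can rewrite.
        if [ -n "$(find -L "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $name: group/other write bit set"
            rc=1; continue
        fi
        echo "OK $name"
    done
    return "$rc"
}

# Stand-alone use (hypothetical file name): sh audit_hooks.sh /etc/network/if-pre-up.d
if [ "$#" -gt 0 ]; then audit_hooks "$1"; fi
```

A SKIPPED line for the firewall script means the rules are not loaded before the interface comes up, which is the symptom described in the quoted message.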

