From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-47771-garchives=archives.gentoo.org@gentoo.org>)
	id 1G8PHo-00066r-NS
	for garchives@archives.gentoo.org; Wed, 02 Aug 2006 22:33:57 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k72MVhSD012021;
	Wed, 2 Aug 2006 22:31:43 GMT
Received: from mail.netspace.net.au (thunder.netspace.net.au [203.10.110.71])
	by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k72MTIvk003938
	for <gentoo-user@lists.gentoo.org>; Wed, 2 Aug 2006 22:29:20 GMT
Received: from orpheus (dsl-203-113-236-215.SA.netspace.net.au [203.113.236.215])
	by mail.netspace.net.au (Postfix) with ESMTP id A4D954BC76
	for <gentoo-user@lists.gentoo.org>; Thu,  3 Aug 2006 08:29:15 +1000 (EST)
Subject: Re: [gentoo-user]  Re: launching iptables
From: Iain Buchanan <iaindb@netspace.net.au>
To: gentoo-user@lists.gentoo.org
In-Reply-To:  <loom.20060802T230652-790@post.gmane.org>
References:  <loom.20060802T223410-566@post.gmane.org>
	 <44D11224.9010301@infoline.su>   <loom.20060802T230652-790@post.gmane.org>
Content-Type: text/plain
Date: Thu, 03 Aug 2006 07:59:09 +0930
Message-Id: <1154557749.15502.5.camel@orpheus>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.6.2 
Content-Transfer-Encoding: 7bit
X-Archives-Salt: b7768657-aec8-47e0-a43b-9e180d54e133
X-Archives-Hash: e63729308219567a277499cc33f23cd6

On Wed, 2006-08-02 at 21:13 +0000, James wrote:
> Alexander Kirillov <nevis2us <at> infoline.su> writes:
> 
> 
> > > Is their a way to get 'rc-update add <my_firewall>  default' to launch
> > > my_firewall without putting it in the /etc/init.d/ dir and using the 
> > > runscipt template for my script?
> 
> > > thoughts, suggestions and examples are most welcome.
> > Keep your script in /etc and run it once.
> 
> OK, but how will it get discovered again upon reboot?

when you use iptables-save, your script gets saved in the IPTABLES_SAVE
location in /etc/conf.d/iptables

> /etc/init.d/iptables will overwrite what my_firewall.sh does.
> as it is currently doing....
> 
> 
> > If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> > your rules will be restored whenever you restart iptables.
> 
> Um, maybe I missing something but searching for "SAVE_ON"
> only reveals this line in the /etc/init.d/iptables script:

you're looking in init.d, look in conf.d - this is where you customise
behaviour for init scripts...

I use webmin to create the initial iptables rules, then edit the file by
hand that I specified in /etc/conf.d/iptables, if I have to.  webmin is
pretty good, so usually I don't have to edit anything by hand...

HTH,
-- 
Iain Buchanan <iaindb at netspace dot net dot au>

"By golly, I'm beginning to think Linux really *is* the best thing since
sliced bread."
(By Vance Petree, Virginia Power)

-- 
gentoo-user@gentoo.org mailing list