From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-45675-garchives=archives.gentoo.org@gentoo.org>)
	id 1FyDjf-0002tW-EF
	for garchives@archives.gentoo.org; Wed, 05 Jul 2006 20:12:35 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k65K9fFn012779;
	Wed, 5 Jul 2006 20:09:41 GMT
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189])
	by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k65JvgW8020628
	for <gentoo-user@lists.gentoo.org>; Wed, 5 Jul 2006 19:57:43 GMT
Received: by nf-out-0910.google.com with SMTP id n15so686nfc
        for <gentoo-user@lists.gentoo.org>; Wed, 05 Jul 2006 12:57:42 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        b=fxZGMKiJmH0QGYo3d0bRB2KBQK/PwbVHxbvJJ5BA3v1uLZYSPrf5L13+s7YyPIO87Tpx0sh1GCmTnPnp1632vjqeNjILjzJUoNLjyVBMkCi0Qv+wFVAl/pdRZdsHgF+wOlMrB6bBP1Uwg94zZe/tRp2wPoGAOweovp0V+0XFNA0=
Received: by 10.78.117.10 with SMTP id p10mr2566050huc;
        Wed, 05 Jul 2006 12:55:20 -0700 (PDT)
Received: by 10.78.20.11 with HTTP; Wed, 5 Jul 2006 12:55:20 -0700 (PDT)
Message-ID: <7573e9640607051255u5499448eyfb133d4e08b44fd0@mail.gmail.com>
Date: Wed, 5 Jul 2006 12:55:20 -0700
From: "Richard Fish" <bigfish@asmallpond.org>
Sender: richard.j.fish@gmail.com
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: iptables wiki
In-Reply-To: <loom.20060705T185054-358@post.gmane.org>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <loom.20060705T015933-644@post.gmane.org>
	 <44AB8E7E.1090005@ilievnet.com>
	 <loom.20060705T170301-173@post.gmane.org>
	 <7573e9640607050922ra5f37a4j683a73e8f7e04d3a@mail.gmail.com>
	 <loom.20060705T185054-358@post.gmane.org>
X-Google-Sender-Auth: af2dc93c3054b6df
X-Archives-Salt: a12b09c2-ba1e-4f91-972a-5a42442c8602
X-Archives-Hash: 6afeb3aafe6a1b5e750ce284f943daab

On 7/5/06, James <wireless@tampabay.rr.com> wrote:
> or I've seen this:
> #!/sbin/runscript

This is only for init scripts in /etc/init.d/.  So no, don't use
this...use #!/bin/bash instead.

> /usr/local/bin/ might be appropriate too?

Yeah, that would work also...

>
> So my (edited) scipt  issues new iptables commands
> and the gentoo script converts these commands
> into rulesets and stores them in /var/lib/iptables/rules-save?

Yep.

> 4. run "/etc/init.d/iptables save" convert (new) script based
>    commands into rulesets and load .
> 5. Test the (new) scipt {rulesets}.
> 6. Go to step 3 and repeat until a wonderful firewall results.
>
> Note, step 4 can be added to the end of my-firewall.sh to
> combine steps 3 and 4?

If you like.  But in fact step 4 can be moved to step 7 (er, step 6
once you renumber stuff), since you don't really need to save anything
until you are happy with the results.

-Richard
-- 
gentoo-user@gentoo.org mailing list