> And to go a bit further, I should say that I am moving away from
> scripts, in favour of iptables-save(8)/iptables-restore(8) rulesets.
> The initial ruleset can be developed by means of a script or editor,
> and I find that the rules files are much easier to maintain.

I think that's a matter of opinion. Personally I prefer scripts because I can put remarks and empty lines in them, grouping lines together that belong to each other so I know what I did 1 year (or so) ago, without having to read over the complete script/ruleset.

But everyone should do what (s)he wants in that matter; the output of iptables-save is practically in script form so it's not that I can't read it.

Gr,
Rob