On Sun, 26/08/2007 at 15:51 -1000, TinyApps.Org writes:
> I have a very simple set of iptables rules:
>
> # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> # iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
> # iptables -I INPUT -i lo -j ACCEPT
> # iptables -A INPUT -j DROP
>
> which has been saved to /etc/iptables.up.rules .
>
> I have also modified /etc/network/interfaces to use the ruleset:
>
> iface eth0 inet static
> address x.x.x.x
> [.. interface configuration ..]
> pre-up iptables-restore < /etc/iptables.up.rules
>
> I understand that it is best to set up a set of rules to be applied
> when the network interface is down, saving it to:
>
> /etc/iptables.down.rules
>
> and applying in /etc/network/interfaces via:
>
> post-down iptables-restore < /etc/iptables.down.rules
>
> What should this set of rules look like? The exact opposite
> of /etc/iptables.up.rules ? Or just a simple flush command?
> Or something else altogether?

You can do a simple flush, but this is not required, since all rules will be overwritten by iptables-restore when you bring the network interface up next time.

-- 
Покотиленко Костик <casper@xxxxxxxxxxxx>
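As an added example (not from the thread above), here is what the "simple flush" looks like when expressed as an iptables-restore file, written by a small shell helper; the output path and the ACCEPT policies are assumptions, and note that the :INPUT policy line is what governs traffic once no rules remain in the chain.

```shell
#!/bin/sh
# Added example, not code from the original thread. Writes a "simple flush"
# ruleset in iptables-save/iptables-restore format. Path and policies are
# assumptions chosen for illustration.
set -eu

# iptables-restore (without --noflush) flushes every table named in the file
# before loading it, so a *filter block that lists only the built-in chains
# and COMMIT leaves the filter table empty with the stated default policies.
write_down_rules() {
    out="${1:-/etc/iptables.down.rules}"   # assumed path, as in the question
    policy="${2:-ACCEPT}"                  # default policy for INPUT/FORWARD
    cat > "$out" <<EOF
# $out -- applied by: post-down iptables-restore < $out
*filter
:INPUT $policy [0:0]
:FORWARD $policy [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Count rule lines (-A ...) in a ruleset file; a flushed ruleset has none.
rule_count() {
    grep -c '^-A ' "$1" || true
}
```

Run it as root with no arguments to create /etc/iptables.down.rules, or pass a path and a policy (e.g. DROP) to inspect the result first.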