Thanks for your reply, Покотиленко! (I hope that is the correct name
to use.)
My reply is at the bottom of this message:
I understand that it is best to set up a set of rules to be applied
when the network interface is down, saving it to:
/etc/iptables.down.rules
and applying in /etc/network/interfaces via:
post-down iptables-restore < /etc/iptables.down.rules
What should this set of rules look like? The exact opposite
of /etc/iptables.up.rules ? Or just a simple flush command?
Or something else altogether?
You can do a simple flush, but this is not required, since all rules
will be overwritten by iptables-restore when you bring network interface
up next time.
I had stumbled across the following comment:
"But to do this really clean, we need to have a script that removes
the rules as well for when the interface goes down. Just to make sure
the rules are never added twice."
on this site:
http://my.opera.com/Jada0007/blog/show.dml/1213354
and therefore wondered if there were ever a case in which
the rules could be applied twice... by creating a
/etc/iptables.down.rules file, I hoped to avoid such a possibility.
Sincerely,
Miles
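
Added example, not part of the messages above: a check for the "rules added twice" concern raised in the thread. By default iptables-restore flushes each table named in its input before loading it, so a duplicate can only appear if the rules were appended some other way (for example with `iptables-restore --noflush` or a script of `iptables -A` calls). The function names `dup_rules` and `sample_dump` and the sample dump are constructed for this illustration.

```shell
#!/bin/sh
# Report rules that occur more than once within the same table of an
# iptables-save dump. Reads the files given as arguments, or stdin:
#   iptables-save | dup_rules

dup_rules() {
    awk '
        # Drop packet/byte counters written by "iptables-save -c".
        { line = $0; sub(/^\[[0-9]+:[0-9]+\] /, "", line) }
        # "*filter", "*nat", ... start a new table section.
        /^\*/ { table = substr($0, 2); next }
        # Count each appended rule per table; print it on its second sighting.
        line ~ /^-A / {
            if (++seen[table SUBSEP line] == 2)
                print table ": " line
        }
    ' "$@"
}

# Constructed sample: the filter INPUT rules appear twice, as they would
# after the same rule set was appended a second time without a flush.
# The OUTPUT rule appears once in filter and once in mangle, which is
# not a duplicate because the tables differ.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

sample_dump | dup_rules
```

Empty output means no rule is present twice in any table; running it after an ifdown/ifup cycle confirms whether the up rules were reloaded cleanly.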