Re: Reload IPtables

On 28.06.21 at 11:23, Alessandro Vesely wrote:
A complex script doesn't have to be error prone.

it is by definition more error prone than a simple restore which has exactly that job and it makes no sense to argue about such simple facts

do what you want but stop talking nonsense when it comes to best practice

Speed is not a concern, given that boot only happens once every few months.

i care always about speed

Setting iptables atomically is not needed because ip link set $interface up commands are issued after iptables -A ones.

irrelevant


# NIC configuration
ExecStart=-/usr/sbin/ethtool -G lan rx 512 tx 256
ExecStart=-/usr/sbin/ethtool -K lan lro off
ExecStart=-/usr/sbin/ethtool -G wan rx 512 tx 256
ExecStart=-/usr/sbin/ethtool -K wan lro off


I hadn't had to do that, yet (been lucky with autoconf?)

bla - you don't want LRO on a router because it breaks end-to-end principle and maybe you heard about buffer bloat

# Ensure that 'sysctl' is applied
ExecStart=-/usr/sbin/sysctl -q --load=/etc/sysctl*.conf


Shouldn't this be automatic?

what when i don't want that automatic to avoid all sort of warnings when that automatic fires before iptables is loaded and so all the conntrack values are unknown?

I set up DHCP independently of the network.  It only listens to the internal interface, so it's somewhat easier.  I consider it a separate issue

you didn't realize the difference between dhcp client/server!
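
The ordering concern in the message above (the automatic sysctl load firing before iptables is loaded, so the conntrack values are unknown) can be checked before the load step runs. The following is an added example, not part of the original message or of either poster's setup; the function names `missing_sysctl_keys` and `demo` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# missing_sysctl_keys CONF [SYSROOT]
# Print every key assigned in CONF that has no file under SYSROOT
# (default /proc/sys). Such keys are unknown at load time, typically
# because the owning module (e.g. nf_conntrack) is not loaded yet.
missing_sysctl_keys() {
    conf=$1
    sysroot=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop '#' comments
        case $line in
            *=*) key=${line%%=*} ;;           # keep the part left of '='
            *)   continue ;;                  # blank or not an assignment
        esac
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        case $key in \;*) continue ;; esac    # ';' also starts a comment
        key=${key#-}                          # leading '-' = ignore errors
        [ -n "$key" ] || continue
        case $key in
            */*) path=$key ;;                 # already written with slashes
            *)   path=$(printf '%s' "$key" | tr '.' '/') ;;
        esac
        [ -e "$sysroot/$path" ] || printf '%s\n' "$key"
    done < "$conf"
}

# Constructed demo: a fake /proc/sys tree without the conntrack entries,
# as it would look before the netfilter modules are loaded.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/net/ipv4"
    : > "$tmp/sys/net/ipv4/ip_forward"
    cat > "$tmp/sysctl-demo.conf" <<'EOF'
# constructed sample, not a real configuration
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_max = 262144
-net.netfilter.nf_conntrack_tcp_timeout_established = 7200
EOF
    missing_sysctl_keys "$tmp/sysctl-demo.conf" "$tmp/sys"
    rm -rf "$tmp"
}

demo
```

An empty result means every key in the file already exists, so a later `sysctl --load` would not hit unknown keys.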


