Re: Reload IPtables

On 28.06.21 at 15:46, Kerin Millar wrote:
On Mon, 28 Jun 2021 14:03:30 +0200
Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:

do what you want but stop talking nonsense when it comes to best practice

One "best practice" that I'd object to is blindly restoring whatever was
saved on shutdown.  How can one control that?  Booting with some clean,
well-defined data looks safer

WTF: there is nothing magically or blindly saved and changed at
shutdown, it's the whole state as it was, the outcome from your script

Not that I can speak on Allesandro's behalf but I'm presuming it's a reference to the save-upon-stop behaviour that may occur as a consequence of the integration performed by certain distro vendors. For example, Gentoo has a SAVE_ON_STOP option that its iptables runscript honours. I'm not sure that I've ever seen it be referred to as a good practice, per se, but some people appreciate having such options at their disposal.

and how do you think should there be something different as you are using?

don't you simply not understand what save/restore does?
your active ruleset doesn't fall from heaven

it's not magically changed unless you change something with iptables or your script

and hell that's why when you changed something and want to reload the last boot state you restore and you are done - that's the topic here




