Re: Reload IPtables

On 28.06.21 at 19:10, Kerin Millar wrote:
On Mon, 28 Jun 2021 18:35:59 +0200
Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:



On 28.06.21 at 15:46, Kerin Millar wrote:
On Mon, 28 Jun 2021 14:03:30 +0200
Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:

do what you want but stop talking nonsense when it comes to best practice

One "best practice" that I'd object to is blindly restoring whatever was
saved on shutdown.  How can one control that?  Booting with some clean,
well-defined data looks safer

WTF: there is nothing magically or blindly saved and changed at
shutdown, it's the whole state as it was, the outcome from your script

Not that I can speak on Allesandro's behalf but I'm presuming it's a reference to the save-upon-stop behaviour that may occur as a consequence of the integration performed by certain distro vendors. For example, Gentoo has a SAVE_ON_STOP option that its iptables runscript honours. I'm not sure that I've ever seen it be referred to as a good practice, per se, but some people appreciate having such options at their disposal.

and how do you think should there be something different as you are using?

I can't parse that.

what exactly can't you parse?

if at all something is saved at shutdown it's what you are currently using

don't you simply not understand what save/restore does?
your active ruleset doesn't fall from heaven

I'm not sure who you are addressing at this point but you can be assured that I am aware of what saving and restoring entails.

whoever thinks "blindly restoring whatever was saved on shutdown"

it's not magically changed unless you change something with iptables or
your script

and hell that's why when you changed something and want to reload the
last boot state you restore and you are done - that's the topic here

Granted, the thread does seem to have meandered out into the weeds at this point. With that, I'm out

that whole thread was useless and should have been pointed to the distribution mailing list of the OP because there is nothing like "Reload IPtables" which works everywhere

well, that would have been fine when someone steps in using the same distribution but coming up to a newbie with homegrown solutions where he would be left alone even at distro channels later is simply idiotic


