[Gllug] iptables replacement for ipchains
Bruce Richardson
itsbruce at workshy.org
Fri Sep 21 16:04:11 UTC 2007
On Fri, Sep 21, 2007 at 04:17:19PM +0100, Chris wrote:
> Hi
>
> Bruce Richardson wrote:
> > Not if you want to trigger changes when network interfaces are brought
> > up or down, it isn't.
>
> That's more of a special case than a general use case though.
I've seen enough cases where it is useful to think it worth noting.
>
> > Besides, with Debian if you make certain
> > network-related changes there then they will be overridden when
> > networking is started
>
> such as?
If /etc/network/options exists, spoof protection, syncookies and ip
forwarding will be set when networking starts and will overwrite any
sysctl settings. If you have installed the vlan package then proxy arp
and rp filter will be set each time an interface is configured, based on
the settings in /etc/network/interfaces (or to defaults if no setting is
specified).
--
Bruce
It is impolite to tell a man who is carrying you on his shoulders that
his head smells.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20070921/77a2a3a2/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list