Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Others think it's not good to modify default routes so someone say it's better to store a script for different rules and to load it at startup, what do you think about it?
That is run at bootup anyway. Running it by hand won't make your rule any more "permanent", but it is a reasonable test to check that your rules will be applied next boot.
GabrieleMax wrote:Others think it's not good to modify default routes so someone say it's better to store a script for different rules and to load it at startup, what do you think about it?
Whatever floats your boat. I'd use scripts if I needed to swap rulesets regularly.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Since no one has pointed it out so far, you can also make your current iptables rules permanent with dpkg. Modify your rules like you'd normally do with e.g. iptables -t nat -A <whatever_you_need> and then
steve_v wrote:Whatever floats your boat. I'd use scripts if I needed to swap rulesets regularly.
I understood the best way to load different ruleset is to use a file and to load it at boot because I think it could be dangerous to load everything like a default rule, I know it's more fast to load all ruleset at the same time but if I'd like to modify something it could be more easy to do it in a "external file".
Now I'd like to understand which runlevel I should use to load a file with ruleset and where it could be the best place to store it!
Thank you very much for your reply but... tell me... do you think it's the best way to store everything like a default rule or it's more "easy" to manage ruleset in a different file and to load it at boot? I know to use a external file is less fast than to load everything like a default rule but at same time this way is less "dangerous"...
kopper wrote:Since no one has pointed it out so far, you can also make your current iptables rules permanent with dpkg. Modify your rules like you'd normally do with e.g. iptables -t nat -A <whatever_you_need> and then
GabrieleMax wrote:do you think it's the best way to store everything like a default rule or it's more "easy" to manage ruleset in a different file and to load it at boot? I know to use a external file is less fast than to load everything like a default rule but at same time this way is less "dangerous"...
I do not understand what you mean by "store/load everything like a default rule". There is no iptables default rule. The default iptables ruleset is empty.
GabrieleMax wrote:Now I'd like to understand which runlevel I should use to load a file with ruleset and where it could be the best place to store it!
Systemd does not have runlevels. IMO the ruleset must be applied before configuring the network.
p.H wrote:I do not understand what you mean by "store/load everything like a default rule". There is no iptables default rule. The default iptables ruleset is empty.
In my mind also a empty table is a default iptables ruleset like this:
p.H wrote:
Systemd does not have runlevels. IMO the ruleset must be applied before configuring the network.
Ok I understood it but... if you'd like to change iptables ruleset by an external file where could you put it and could you run it like a *.sh and chmod +x?
GabrieleMax wrote:In my mind also a empty table is a default iptables ruleset like this
So I repeat my question : what do you mean by "store/load everything like a default rule" ?
If a default ruleset is an empty ruleset, it does not make sense to store/load it.
GabrieleMax wrote:if you'd like to change iptables ruleset by an external file where could you put it and could you run it like a *.sh and chmod +x?