/etc/network/interfaces changed in 7.10?

Derek Broughton news at pointerstop.ca
Wed Nov 14 16:48:52 UTC 2007


Jimmy Wu wrote:

> On 11/12/07, Derek Broughton <news at pointerstop.ca> wrote:
>>
>> This was never really the right place to do this.
>> Use /etc/network/if-pre-up.d/ (or if-up.d).  However, I have to wonder
>> how this ever worked - "pre-up" would mean before you have an interface.
>> afaik, the interface must be _up_ before you can define iptables rules on
>> it.
> 
> Thanks for all the replies.  I got the pre-up from some how-to or
> other that I found, and it did work - I could verify by using iptables
> to clear out all rules, restarting the network, and 'iptables -L -v',
> and they would be back.

The rules would be back - but iirc the iptables rules actually apply to _IP_
addresses, not interfaces, and I'm fairly sure it doesn't _know_ the
address in the pre-up phase. Now, not all rules would care about _your_ IP
address, so those rules would still work, but the last time I wrote a
firewall script, _some_ rules were specific to my IP address.
> 
> I'll go try the bash script and see how that works when I get a chance.

The above aside, I should have said it was not the "best" place.  If you
only have one interface, putting a "pre-up" stanza in the interface
definition would be fine, but for iptables rules I would prefer to use the
if-pre-up.d/ directory as then you have one location that can be used for
all possible interfaces.
-- 
derek
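
An added example, not part of the original post: a hook of the kind described above for /etc/network/if-pre-up.d/, where one script serves every interface because ifupdown passes the interface name in $IFACE. The rules file path /etc/iptables.rules and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hook for /etc/network/if-pre-up.d/ (install path and
# rules-file location are assumptions). ifupdown runs it before bringing
# up each interface and passes the interface name in $IFACE.

RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"          # assumed path
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# Loopback and an empty name need no reload; every other interface does.
should_load() {
    case "$1" in
        ''|lo) return 1 ;;
        *)     return 0 ;;
    esac
}

# Validate, then load, the shared rule set for interface $1.
load_rules() {
    should_load "$1" || return 0
    if [ ! -r "$RULES_FILE" ]; then
        echo "firewall: cannot read $RULES_FILE" >&2
        return 1
    fi
    # Refuse a rules file that any local user could have rewritten.
    if [ -n "$(find "$RULES_FILE" -prune -perm -0002)" ]; then
        echo "firewall: $RULES_FILE is world-writable" >&2
        return 1
    fi
    # Dry run first: a syntax error must not leave a half-loaded rule set.
    if ! "$IPTABLES_RESTORE" --test < "$RULES_FILE"; then
        echo "firewall: $RULES_FILE failed validation, not applied" >&2
        return 1
    fi
    # iptables-restore replaces the tables it loads, so re-running this
    # for each interface gives the same result every time.
    "$IPTABLES_RESTORE" < "$RULES_FILE"
}

# Act only when ifupdown invoked us (it exports IFACE).
if [ -n "${IFACE:-}" ]; then
    load_rules "$IFACE" || exit 1
fi
```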