Mailing List Archive



Re: [tlug] iptables



Bruno Raoult writes:
 > On Sun, Jun 8, 2008 at 2:19 PM, Jedidiah Israel
 > <jedidiah.israel@example.com> wrote:
 > > Firstly,  are your network interfaces initialised before iptables is called?
 > 
 > This is a good question, I had the same thinking...

The answer is "no".  That's what "pre-up" means: do this before
configuring the interface.

 > None, this is in /etc/network.

Actually, no.  The script /etc/init.d/network is symlinked from the
appropriate /etc/rc#.d directory (probably rcS.d).  It should call
ifup and ifdown for starting and stopping the network.  (These read
the configuration files in /etc/network.)  Possibly ifup is called
once with argument lo and once with flag -a.  Your non-loopback
interfaces should all be activated with -a (i.e., their stanzas in
/etc/network/interfaces should have the 'auto' property) in the
default configuration.

Try shutting down the network, then running "ifup IFACE" from the
command line.  Do you get any joy then?

I'm not sure whether ifup does any logging itself, except that it is
supposed to write state to /etc/network/run/ifstate.  On Debian I
think that iptables probably writes its messages to /var/log/syslog.

I don't use ifup/ifdown; I found them to be a real pain in the neck
because they now have a syntax as complex as the underlying tools, but
are not as well-documented.  C'est la Debian.  And so it goes.  42.
Whatever.
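
The following is an added example, not part of the original message: a small shell check that reads an interfaces(5)-style file and reports, per stanza, whether it is marked 'auto' (and so is activated by "ifup -a") and which pre-up command runs before the interface is configured. The function names, the sample stanzas and the rules path /etc/iptables.rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report 'auto' and pre-up per stanza.

# check_ifaces FILE
# Prints one line per iface stanza: "IFACE auto=yes|no pre-up=<command or ->"
check_ifaces() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == "auto" {                               # "auto eth0 eth1 ..."
            for (i = 2; i <= NF; i++) isauto[$i] = 1
            next
        }
        $1 == "iface" {                              # start of a stanza
            cur = $2; order[++n] = cur; hook[cur] = "-"
            next
        }
        $1 == "pre-up" && cur != "" {                # runs before configuration
            sub(/^[ \t]*pre-up[ \t]+/, "")
            hook[cur] = (hook[cur] == "-" ? $0 : hook[cur] "; " $0)
            next
        }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                printf "%s auto=%s pre-up=%s\n", name, ((name in isauto) ? "yes" : "no"), hook[name]
            }
        }
    ' "$1"
}

# write_sample FILE: constructed sample input; the rules path is hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules

# eth1 has no "auto" line, so "ifup -a" skips it and its pre-up never runs
iface eth1 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    pre-up iptables-restore < /etc/iptables.rules
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && check_ifaces "$tmp"
rm -f "$tmp"
```

A stanza reported with auto=no and a firewall command in pre-up is one whose rules are loaded only when someone runs "ifup IFACE" by hand.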

