https://bugzilla.novell.com/show_bug.cgi?id=462482
User jengelh@medozas.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=462482#c4
--- Comment #4 from Jan Engelhardt 2009-01-07 15:55:33 MST ---
Simply augment iptables_add():
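    function iptables_add()
    {
        # existing body of iptables_add, as above
        iptables_add_as_above;
        # also record the equivalent per-rule command for the fallback script
        echo "iptables $*" >>"$tmpdir2/fallback.sh";
    }
    function iptables_emit()
    {
        # try the atomic load first; replay the recorded commands only if it fails
        iptables_emit_as_above || . "$tmpdir2/fallback.sh";
    }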
I think that, if there is a reason iptables-restore fails, then the manual
commands will also fail at some point and leave the ruleset in a state which
may lock out the user, at which point iptables-restore seems to be the better
solution which does an atomic restore --- if this atomic restore fails, the
previous ruleset will be used, which is either
1. empty chains all with policy of ACCEPT.
2. the minimal ruleset installed by SuSEfirewall2_init (the first stage thing)
How's that sound?
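Added example, not part of the original comment or of SuSEfirewall2: a root-free simulation of the trade-off discussed in comment #4, showing what the ruleset looks like after an atomic load fails versus after the per-command fallback runs. `fake_iptables`, `fake_restore`, the `bogus` match, the sample rules and the temp-file "ruleset" are all constructed stand-ins; no real iptables binary is called.

```shell
#!/bin/sh
# Constructed simulation: the "kernel ruleset" is a plain temp file.
state=$(mktemp); batch=$(mktemp); fallback=$(mktemp)
trap 'rm -f "$state" "$batch" "$fallback"' EXIT

# Stand-in for one iptables call: rejects rules using the made-up match "bogus".
fake_iptables() {
    case "$*" in *bogus*) return 1 ;; esac
    printf '%s\n' "$*" >>"$state"
}

# Stand-in for iptables-restore: check the whole batch, commit only if every line passes.
fake_restore() {
    if grep -q bogus "$1"; then return 1; fi
    cp "$1" "$state"
}

# Same shape as the comment's iptables_add: queue for the atomic load, log for the fallback.
iptables_add() {
    printf '%s\n' "$*" >>"$batch"
    printf 'fake_iptables %s\n' "$*" >>"$fallback"
}

# Atomic load only: on failure the previous ruleset stays in place.
emit_atomic() { fake_restore "$batch"; }

# The comment's iptables_emit: atomic load, then replay rule by rule on failure.
emit_with_fallback() { fake_restore "$batch" || . "$fallback"; }

# Start from "empty chains, policy ACCEPT", queue three rules (the SSH rule is
# the one that cannot load), run the given emit function, print the result.
final_state() {
    printf '%s\n' "-P INPUT ACCEPT" >"$state"
    : >"$batch"; : >"$fallback"
    iptables_add -A INPUT -i lo -j ACCEPT
    iptables_add -A INPUT -p tcp --dport 22 -m bogus -j ACCEPT
    iptables_add -A INPUT -j DROP
    "$1" || :
    cat "$state"
}

echo "atomic only:";   final_state emit_atomic
echo "with fallback:"; final_state emit_with_fallback
```

In the fallback case the replay skips the failing SSH rule but still appends the final DROP, which is the lock-out state the comment warns about; the atomic case leaves the previous ruleset untouched.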