Mailinglist Archive: opensuse-bugs (12871 mails)

[Bug 462482] iptables-batch: consider wrapper for iptables-restore instead
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 7 Jan 2009 15:55:33 -0700 (MST)
  • Message-id: <20090107225533.7FD50245390@xxxxxxxxxxxxxxxxxxxxxx>

User jengelh@xxxxxxxxxx added comment

--- Comment #4 from Jan Engelhardt <jengelh@xxxxxxxxxx> 2009-01-07 15:55:33 MST ---
Simply augment iptables_add():

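function iptables_add()
{
    # record each rule as a plain iptables command for the fallback
    echo "iptables $*" >>"$tmpdir2/";
}

function iptables_emit()
{
    # try the batch load first; replay the recorded commands only if it fails
    iptables_emit_as_above || . "$tmpdir2/";
}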

I think that, if there is a reason iptables-restore fails, then the manual
commands will also fail at some point and leave the ruleset in a state which
may lock out the user, at which point iptables-restore seems to be the better
solution which does an atomic restore --- if this atomic restore fails, the
previous ruleset will be used, which is either
1. empty chains all with policy of ACCEPT.
2. the minimal ruleset installed by SuSEfirewall2_init (the first stage thing)
How's that sound?
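
The approach sketched in the comment above, as an added shell example that is not part of the original mail or of SuSEfirewall2: each rule is recorded both as a plain iptables command and as an iptables-restore line, the batch is validated and loaded per table, and the recorded commands are replayed only if that load fails. The function names, the file names under the temporary directory, and the sample rules are assumptions.

```shell
#!/bin/sh
# Added example with hypothetical helper names; not SuSEfirewall2 code.
RULES_DIR=$(mktemp -d)            # stands in for the comment's $tmpdir2
MANUAL="$RULES_DIR/manual.sh"     # assumed file name for the fallback commands
trap 'rm -rf "$RULES_DIR"' EXIT

# Record one rule twice: as a plain iptables command (fallback) and as a
# line for that table's iptables-restore block. Usage: rule_add TABLE ARGS...
# Assumes the arguments contain no whitespace or shell metacharacters.
rule_add() {
    local table=$1; shift
    printf 'iptables -t %s %s\n' "$table" "$*" >>"$MANUAL"
    printf '%s\n' "$*" >>"$RULES_DIR/$table.rules"
}

# Print the recorded rules as iptables-restore input: one "*table ... COMMIT"
# block per table. Each block is committed in one step at its COMMIT line.
restore_input() {
    local f
    for f in "$RULES_DIR"/*.rules; do
        [ -e "$f" ] || continue
        printf '*%s\n' "$(basename "$f" .rules)"
        cat "$f"
        printf 'COMMIT\n'
    done
}

# Validate with --test (parse only, nothing committed), then load the batch.
# If either step fails the running ruleset is untouched, and only then are
# the recorded commands replayed one by one. Needs root; not called below.
rules_emit() {
    { restore_input | iptables-restore --test --noflush &&
      restore_input | iptables-restore --noflush; } || . "$MANUAL"
}

# Constructed sample rules (not taken from the bug report).
rule_add filter -A INPUT -i lo -j ACCEPT
rule_add filter -A INPUT -p tcp --dport 22 -j ACCEPT
restore_input
```

The replay branch is the one the comment warns about: a command that fails halfway through `manual.sh` leaves a partially built ruleset, whereas a failed `iptables-restore` leaves the previous one in place.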
