Mailinglist Archive: opensuse-bugs (12871 mails)

[Bug 462482] iptables-batch: consider wrapper for iptables-restore instead
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 7 Jan 2009 15:55:33 -0700 (MST)
  • Message-id: <20090107225533.7FD50245390@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=462482

User jengelh@xxxxxxxxxx added comment
https://bugzilla.novell.com/show_bug.cgi?id=462482#c4

--- Comment #4 from Jan Engelhardt <jengelh@xxxxxxxxxx> 2009-01-07 15:55:33 MST ---
Simply augment iptables_add():

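function iptables_add()
{
	# Queue the rule for the iptables-restore batch (placeholder name, as in the original).
	iptables_add_as_above;
	# Record the same rule as a shell-quoted iptables command, so that
	# arguments containing spaces survive when fallback.sh is sourced.
	printf 'iptables%s\n' "$(printf ' %q' "$@")" >>"$tmpdir2/fallback.sh";
}

function iptables_emit()
{
	# Try the batch restore first; if it fails, replay the rules one by one.
	iptables_emit_as_above || . "$tmpdir2/fallback.sh";
}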

I think that, if there is a reason iptables-restore fails, then the manual
commands will also fail at some point and leave the ruleset in a state which
may lock out the user, at which point iptables-restore seems to be the better
solution which does an atomic restore --- if this atomic restore fails, the
previous ruleset will be used, which is either
1. empty chains all with policy of ACCEPT.
2. the minimal ruleset installed by SuSEfirewall2_init (the first stage thing)
How's that sound?


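The restore-first approach argued for in comment #4, as an added example that is not code from the bug report or from SuSEfirewall2: rules are queued per table, rendered into one iptables-restore input, checked with --test, and only then loaded. The names batch_add, batch_render, batch_emit, batch_dir and RESTORE_CMD are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not from the bug report. All names here are assumptions.
# RESTORE_CMD can be overridden, e.g. to exercise the logic without root.
RESTORE_CMD=${RESTORE_CMD:-iptables-restore}
batch_dir=$(mktemp -d) || exit 1
mkdir "$batch_dir/tables"

# batch_add TABLE LINE: queue one line in iptables-save syntax, e.g.
#   batch_add filter ':INPUT DROP [0:0]'
#   batch_add filter '-A INPUT -i lo -j ACCEPT'
batch_add() {
    printf '%s\n' "$2" >>"$batch_dir/tables/$1"
}

# batch_render: print one "*table ... COMMIT" section per queued table.
batch_render() {
    for f in "$batch_dir"/tables/*; do
        [ -f "$f" ] || continue
        printf '*%s\n' "${f##*/}"
        cat "$f"
        printf 'COMMIT\n'
    done
}

# batch_emit: parse the whole file with --test first, so a bad line in any
# table is caught before anything is committed; only then load it for real.
# If --test rejects the file, the running ruleset is left untouched.
batch_emit() {
    batch_render >"$batch_dir/ruleset"
    if ! $RESTORE_CMD --test <"$batch_dir/ruleset"; then
        echo "ruleset rejected, keeping previous rules" >&2
        return 1
    fi
    $RESTORE_CMD <"$batch_dir/ruleset"
}
```

iptables-restore commits each table at its COMMIT line, so the --test pass is what keeps a parse error in a later table from leaving an earlier table already replaced.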
