[blfs-dev] [blfs-book] r10486 - in trunk/BOOK: . archive gnome/core introduction/welcome multimedia/libdriv multimedia/videoutils networking/netprogs postlfs/security pst/printing pst/scanning server/databases server/mail server/major server/other xsoft/other
zarniwhoop at ntlworld.com
Sat Aug 25 09:37:06 PDT 2012
On Sat, Aug 25, 2012 at 10:05:18AM -0500, Bruce Dubbs wrote:
> Ken Moffat wrote:
> > Relatedly : for iptables, why isn't it a regular script in init.d ?
> That's the way I've always done it. When I added the section on setting
> up a firewall, I just used what I'd always done. There's the script
> /etc/init.d/iptables, but the script rc.iptables is, in a way,
> configuration. It doesn't really fit in either /etc/init.d or
> /etc/sysconfig. Other distros make what is rc.iptables into a
> configuration file by just removing the 'iptables' executable. I don't
> like that as it's an unneeded level of indirection.
I can understand the wish to avoid indirection. My initial
problems were in changing the script so that the necessary things
could get through,
> > And is there any interest in _different_ variants ? e.g. on this
> > (7.2 :) desktop I've got rules for ssh (if I started it), tcp and
> > udp if established or related, loopback, dns, ntp, icmp if related -
> > and I should also permit multicast.
> What you should have is a different discussion. I've never been able to
> get streaming radio to work over the internet and it may be because IP
> ports above 225 get blocked.
> -- Bruce
No, my only problem with multicast is that I get pairs of 'dropped'
messages spamming the log. At first, I only had iptables running on
the server, and at that time only used a desktop briefly. This
week, with iptables running on the desktop machine, I checked the log
and found the message. Then I checked the server's log and found
some of the same messages.
the first time as tragedy, the second time as farce