Debian Bug report logs - #580943
Should include a simple ifupdown script to configure iptables from rules file or setup script

Package: iptables; Maintainer for iptables is Laurence J. Lane <ljlane@debian.org>; Source for iptables is src:iptables.

Reported by: GW <gwSPAM.debian@tnode.com>

Date: Mon, 10 May 2010 01:06:01 UTC

Severity: wishlist

Tags: jessie, lenny, sid, squeeze, wheezy, wontfix

Found in version iptables/1.4.6-2

Done: "Laurence J. Lane" <ljlane@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, gwSPAM.debian@tnode.com, ljlane@debian.org (Laurence J. Lane):
Bug#580943; Package iptables. (Mon, 10 May 2010 01:06:04 GMT)

Acknowledgement sent to GW <gwSPAM.debian@tnode.com>:
New Bug report received and forwarded. Copy sent to gwSPAM.debian@tnode.com, ljlane@debian.org (Laurence J. Lane). (Mon, 10 May 2010 01:06:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: GW <gwSPAM.debian@tnode.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Should include a simple ifupdown script to configure iptables from rules file or setup script
Date: Mon, 10 May 2010 03:03:33 +0200
Package: iptables
Version: 1.4.6-2
Severity: wishlist
Tags: sid lenny squeeze

Hey,

Many users are confused because there is no default Debian-way of configuring
iptables rules at startup (since the rc?.d script was removed). Because many
are seeking this feature, I would like to suggest a clean if-pre-up solution
for this for those who manage their network with ifupdown.

I thought, because so many packages nowadays install their scripts in
/etc/network/if-*.d/, iptables could too. It must be a script with its
associated files that don't do anything restrictive by default.

Attached are 3 files that should be placed in:
  /etc/network/if-pre-up.d/iptables
  /etc/network/iptables.up.rules
  /etc/network/iptables.allowall.rules

The if-pre-up script is pretty simple and it primarily tries to restore
iptables rules from file '/etc/network/iptables.up.rules', but if it doesn't
exist it runs the custom iptables setup script '/etc/network/iptables.up.run'.

This way a user could either store his iptables configuration that would be
restored after reboot with:
  iptables-save > /etc/network/iptables.up.rules
In case he makes a mistake and would like to reset iptables as fast as possible
he could:
  iptables-restore < /etc/network/iptables.allowall.rules
Users who want to use their custom iptables setup script instead of rules files
could remove the 'iptables.up.rules' file and put their script under
'/etc/network/iptables.up.run' so that it is run after reboot.

All these scripts are also extremely useful in combination with this
iptables-apply feature:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580941
This allows you to modify your custom iptables setup script and be sure that
only the last working iptables rules will get restored after reboot. After each
modification you just run:
  iptables-apply -w /etc/network/iptables.up.rules -c /etc/network/iptables.up.run
And your iptables setup script (iptables.up.run) will be executed and working
resulting rules stored in iptables.up.rules that get loaded after reboot with
the if-pre-up script.

Any questions?

Greetings,
  gw



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'testing-proposed-updates'), (600, 'unstable'), (500, 'lenny'), (500, 'karmic'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
[iptables (text/x-shellscript, attachment)]
[iptables.up.rules (text/plain, attachment)]
[iptables.allowall.rules (text/plain, attachment)]
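
The hook logic described in the message above (restore `/etc/network/iptables.up.rules` if present, otherwise run `/etc/network/iptables.up.run`), as an added sketch that is not the script attached to the report. The function names, the environment overrides and the ownership/permission check are assumptions introduced here; the report does not describe them.

```shell
#!/bin/sh
# Added sketch of an /etc/network/if-pre-up.d/iptables hook; not GW's attachment.
# Paths are the ones named in the report. The environment overrides are
# assumptions added so the logic can be exercised without root.
RULES_FILE="${RULES_FILE:-/etc/network/iptables.up.rules}"
RUN_SCRIPT="${RUN_SCRIPT:-/etc/network/iptables.up.run}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# Both files are consumed as root, so require a regular file owned by the
# invoking user (root under ifupdown) that group and others cannot write.
safe_file() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# Order from the report: the saved rules file wins, the setup script is the
# fallback, and with neither present the hook does nothing.
pick_action() {
    if [ -f "$RULES_FILE" ]; then echo restore
    elif [ -f "$RUN_SCRIPT" ]; then echo run
    else echo none
    fi
}

# Returns 0 on success or nothing to do, 2 if a file fails the safety check,
# otherwise the exit status of the loader.
load_firewall() {
    case "$(pick_action)" in
        restore)
            safe_file "$RULES_FILE" || return 2
            "$IPTABLES_RESTORE" < "$RULES_FILE" ;;
        run)
            safe_file "$RUN_SCRIPT" || return 2
            # Assumption: the setup script is POSIX sh, so no exec bit is needed.
            sh "$RUN_SCRIPT" ;;
        none)
            return 0 ;;
    esac
}

# ifupdown exports IFACE to hook scripts; outside a hook this file only
# defines functions. A non-zero exit here makes ifup abort for that interface.
if [ -n "${IFACE:-}" ]; then
    load_firewall || exit $?
fi
```

A rules file that exists but fails the check is rejected rather than skipped in favour of the setup script, so a tampered file stops the interface instead of silently changing which ruleset is loaded.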

Added tag(s) wontfix. Request was from "Laurence J. Lane" <ljlane@debian.org> to control@bugs.debian.org. (Mon, 10 May 2010 02:15:03 GMT)

Added tag(s) wheezy. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Wed, 16 Feb 2011 19:04:09 GMT)

Added tag(s) jessie. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 18 Apr 2013 17:38:23 GMT)

Reply sent to "Laurence J. Lane" <ljlane@debian.org>:
You have taken responsibility. (Sun, 25 Aug 2013 17:27:05 GMT)

Notification sent to GW <gwSPAM.debian@tnode.com>:
Bug acknowledged by developer. (Sun, 25 Aug 2013 17:27:05 GMT)

Message #16 received at 580943-done@bugs.debian.org:

From: "Laurence J. Lane" <ljlane@debian.org>
To: 580943-done@bugs.debian.org
Subject: Should include a simple ifupdown script to configure iptables from rules file or setup script
Date: Sun, 25 Aug 2013 13:19:38 -0400
Thank you for your well thought contributions. Unfortunately, I am not
adding the script.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 23 Sep 2013 07:31:20 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 00:44:00 2014; Machine Name: buxtehude.debian.org