:: Re: [DNG] Recommended location for …
Top Page
This message is part of the following thread:
M----++\the complete thread tree sorted by date
M+++\MMMLars Noodén at <-
MMMMMMMMKatolaZ at ->
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Recommended location for iptables rules
Le 06/12/2016 08:59, Lars Noodén a écrit :
> On 12/06/2016 12:14 AM, KatolaZ wrote:
>> ...
>> The old Debian standard used to be /var/lib/iptables/, and I
>> don't know when this behaviour changed (especially because I never
>> changed it, despite the choices made by DDs). ...
> Thanks. That seems to fit with hier(7) too. So I will go with that.
>
> The recent Debian documentation also contributed to the confusion.  e.g.
>      https://wiki.debian.org/iptables
>      https://wiki.debian.org/DebianFirewall

>
> Along those lines, should we recommend that iptables rules be loaded via
> init or via some script in /etc/network/if-pre-up.d/ connected to the
> interface? I realize /etc/ has to be on the same file system as / but
> it seems awkward to have executables there anyway.
> 

     Sorry to go a little off-topic, but /etc is there for proper 
sorting of files, not by the necessity or possibility to mount it on a 
different filesystem, as opposed to /usr. If /etc was on a different 
filesystem, it should be mounted by the initramfs script, because it 
contains data essential to the system, first of all the init scripts. 
Therefore I think you can be assured /etc will never be a mountpoint.


     Didier



This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Recommended location for iptables rulesRe: [DNG] Recommended location for iptables rules->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)