[blfs-support] iptables

akhiezer lfs65 at cruziero.com
Sun Mar 9 12:24:59 PDT 2014


> Date: Sun, 9 Mar 2014 17:07:47 +0000
> From: Richard Melville <richard.melville69 at googlemail.com>
> To: blfs-support at linuxfromscratch.org
> Subject: Re: [blfs-support] iptables
>
	.
	.
> What I don't understand is: when setting the kernel parameters why enabling
> or disabling *all* doesn't automatically affect *default*.  Also, in the
> book only *default* is turned off in *accept-redirects* and not *all*,
> unlike the other parameters.
>


Iirc, *generally* if you change a setting under 'all', then it affects all
currently-active network interfaces dynamically - i.e. the settings take
effect 'immediately': whereas if you change a setting under 'default',
then the setting is picked up only by subsequently-activated interfaces
(including any stop/start of a currently-active interface: hence it's common
to set both 'all' and 'default', if you want new settings to take effect
right now for active interfaces, _and_ have them still pick up the value
(this time via 'default') if they are stop/started).


But really see the documentation re the particular commands/settings that
you're wanting to work with - e.g. 
'/usr/src/linux/Documentation/networking/ip-sysctl.txt', or Oskar
Andreasson's (old but still good) tutorial, or iptables' own docs -
as there are variations; and generally as otherwise it's easy to create a
firewall that isn't doing what one might think it's doing.



hth,
akh
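
An added example, not part of the original post: a read-only check that lists the value a parameter currently holds under 'all', 'default' and each interface directory, so the result of a change can be verified rather than assumed. The names CONF_ROOT, audit_conf and make_sample_tree are hypothetical, and the sample tree is constructed to mirror the accept_redirects case raised in the thread.

```shell
#!/bin/sh
# Added example (read-only): list one IPv4 per-interface setting under
# conf/all, conf/default and each interface, and flag values != WANT.
# CONF_ROOT is overridable so the check can run against a constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# audit_conf PARAM WANT
# Prints "<scope> <value> ok|DIFF" per directory.
# Returns 0 if all match, 1 on any mismatch/unreadable file, 2 if no scopes.
audit_conf() {
    param=$1; want=$2; rc=0; found=0
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        found=$((found + 1))
        scope=$(basename "$dir")
        if [ ! -r "$dir$param" ]; then
            printf '%s - UNREADABLE\n' "$scope"
            rc=1
            continue
        fi
        value=$(cat "$dir$param")
        if [ "$value" = "$want" ]; then
            printf '%s %s ok\n' "$scope" "$value"
        else
            printf '%s %s DIFF\n' "$scope" "$value"
            rc=1
        fi
    done
    [ "$found" -gt 0 ] || return 2
    return "$rc"
}

# make_sample_tree DIR
# Constructed sample data (not from a real host): the case raised in the
# thread, where only 'default' has accept_redirects turned off.
make_sample_tree() {
    for scope in all default lo eth0; do
        mkdir -p "$1/$scope"
        echo 1 > "$1/$scope/accept_redirects"
    done
    echo 0 > "$1/default/accept_redirects"
}

# Live system:  audit_conf accept_redirects 0
# Sample tree:  d=$(mktemp -d); make_sample_tree "$d"; CONF_ROOT=$d; audit_conf accept_redirects 0
```
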




