author: Joey Hess, 2019-07-19 10:19:48 -0400
committer: Joey Hess, 2019-07-19 10:19:48 -0400
commit: f97fd9ac2e78394154db7ddbd1c7cb9afd9808b7 (patch)
tree: 4236184d60703b37d9262bc9a2659bb3d001f773 /doc
parent: 6a42f70e3263a446ac1964d2db5d34efe47ff270 (diff)
comment
Diffstat (limited to 'doc')
-rw-r--r-- doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment 21
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment
new file mode 100644
index 00000000..93944ebf
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2019-07-19T14:09:01Z"
+ content="""
+Funny, I never considered that the Firewall properties don't do anything
+persistent.
+
+I don't think we want to get propellor involved in booting the system,
+either..
+
+Using iptables-save seems to have a problem: If there are other iptables
+rules that were not set by this run of propellor, it will save those
+as well. So it could save rules that were set up by something else that was
+intended to be temporary, or perhaps rules that were set by a earlier
+propellor config and that then got deleted out of the propellor config.
+
+Another way to do it could be to have Firewall.rule add its configuration
+to Info and then Firewall.save could see the collected Info from all
+the rules and use it to generate the boot script itself.
+"""]]
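Review bot: in the third paragraph of the comment body, "set by a earlier propellor config" should read "an earlier", and "either.." at the end of the second paragraph has a stray period. The last paragraph proposes that Firewall.save generate the boot script from the Info collected by Firewall.rule, while the second paragraph says propellor should not get involved in booting the system; a sentence saying how the two fit together (for instance, that the generated script would load only the collected rules at boot without running propellor) would make the proposal easier to act on. It would also help to state explicitly that this approach avoids the iptables-save problem described in the third paragraph, since only rules declared in the current propellor config would end up in the script.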