From f97fd9ac2e78394154db7ddbd1c7cb9afd9808b7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 19 Jul 2019 10:19:48 -0400 Subject: comment --- ...ment_2_bd74fdd792309a70d7de5f5198cf1092._comment | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment (limited to 'doc') diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment new file mode 100644 index 00000000..93944ebf --- /dev/null +++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment @@ -0,0 +1,21 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 2""" + date="2019-07-19T14:09:01Z" + content=""" +Funny, I never considered that the Firewall properties don't do anything +persistent. + +I don't think we want to get propellor involved in booting the system, +either.. + +Using iptables-save seems to have a problem: If there are other iptables +rules that were not set by this run of propellor, it will save those +as well. So it could save rules that were set up by something else that was +intended to be temporary, or perhaps rules that were set by a earlier +propellor config and that then got deleted out of the propellor config. + +Another way to do it could be to have Firewall.rule add its configuration +to Info and then Firewall.save could see the collected Info from all +the rules and use it to generate the boot script itself. +"""]] -- cgit v1.2.3