# /etc/init.d/iptables-cn defaults file

# INTRODUCTION: First things first, I must warn you. The iptables
# init.d setup and iptables tools themselves are VERY much capable
# of locking you out of network services. This includes remote and
# local network services, even localhost. You can even block local
# console logins if authentication is network based. And please do
# not be lulled into a false sense of security because you simply
# installed the iptables package. It really does not provide a
# firewall or any system security.

# Now for a short question and answer session:

# Q: You concocted this init.d setup, but you do not like it?
# A: I was pretty much hounded into providing it. I do not like it.
# Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
# scripts, use /etc/ppp/ip-*.d/ script. Create your own custom
# init.d script -- no need to even name it iptables. Use ferm,
# ipmasq, ipmenu, guarddog, firestarter, or one of the many other
# firewall configuration tools available. Do not use the init.d

# Q: What is this iptables init.d setup all about?
# A: The iptables init.d setup saves and restores whole iptables's
# table rulesets. That's basically it. It doesn't create any
# iptables rules nor provide for running any iptables rules.
# That also implies no support at all for dynamic rules.

# Q: How do I get started?
# A: (Did I mention "do not use it" already? Oh well.)
# 1. Set up your normal iptables rules -- firewalling, port forwarding,
# NAT, etc. When everything is configured the way you like, run:

#    /etc/init.d/iptables-cn save active

# 2. Set up your inactive firewall rules -- this can be something
# like clear all rules and set all policy defaults to accept (which
# can be done with /etc/init.d/iptables-cn clear). When that is ready,
# save the inactive ruleset:

#    /etc/init.d/iptables-cn save inactive

# 3. Controlling the script itself is done through runlevels configured
# with debconf for package installation. Run "dpkg-reconfigure iptables"
# to enable or disable after installation.

# A: Mostly. You can save additional rulesets and restore them by name. As

#    /etc/init.d/iptables-cn save midnight
#    /etc/init.d/iptables-cn load midnight

# Autosave only works with start followed by stop.

# Also, take great care with the halt option. It's almost as good as
# pulling the network cable, except it disrupts localhost too.

# deprecated default values:
# enable_iptables_initd - use the debconf setup
# preload_default - probably not necessary for iptables-restore
# and user modified init.d scripts cannot be trusted anyway

# set iptables_command to "iptables" (default) or "ip6tables"
iptables_command=iptables

# set enable_autosave to "true" to autosave the active ruleset
# when going from start to stop

# set enable_save_counters to "true" to save table counters with
enable_save_counters=true