OT: Help for this project
Rob Sterenborg
rob at sterenborg.info
Tue Nov 15 07:26:17 CET 2005
> And to go a bit further, I should say that I am moving away from
> scripts, in favour of iptables-save(8)/iptables-restore(8) rulesets.
> The initial ruleset can be developed by means of a script or editor,
> and I find that the rules files are much easier to maintain.
I think that's a matter of opinion.
Personally I prefer scripts because I can put remarks and empty lines in
them, grouping lines together that belong to each other so I know what I
did 1 year (or so) ago, without having to read over the complete
script/ruleset.
But everyone should do what (s)he wants in that matter ; the output of
iptables-save is practically in script form so it's not that I can't
read it.
Gr,
Rob
More information about the netfilter
mailing list