Correct way to treat iptables init failure?

Posted by chris_l on Server Fault See other posts from Server Fault or by chris_l
Published on 2010-03-18T01:31:19Z Indexed on 2010/03/18 1:41 UTC
Read the original article Hit count: 574

Filed under:
|
|
|

Hi,

I'm initializing my iptables rules via /etc/network/if-pre-up.d/iptables, using iptables-restore. This works fine, but I'm a bit worried about what would happen, if that script failed for some reason (maybe the saved iptables file is corrupt or whatever).

In case the script failed, I'd like to:

  • Start up my network interfaces without any iptables rules
  • Start up OpenSSH server
  • But not any other services like web server, ... (and maybe stop running instances)

Is there a good canonical way to do that? Going into a lower init stage? - I haven't done that in a long time, and I think a lot about init has changed in recent years (?) - which stage should I drop to, and would the OpenSSH server and my network interfaces still run?

Thanks

Chris

(On Debian Lenny)

© Server Fault or respective owner

Related posts about linux

Related posts about debian