[plug] IP Chains

Fri Dec 24 10:56:42 WST 1999

Michael Hunt wrote:
> > > ipchains -F
> > > ipchains -P forward DENY
> > > ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
> > > modprobe ip_masq_ftp
> > > modprobe ip_masq_irc
> > > modprobe ip_masq_raudio
> > > modprobe ip_masq_quake
> >
> > Loading all those modules is unnecessary.  For example, a lot of people
> > don't use irc, real audio, quake...  Better to let the kernel load them
> > automatically as appropriate.
> 
> I use them so that why they are there. Also the machine has 96 meg of RAM
> and only manages my isp connection so I don't really see kernel bloat being
> an issue.

You were posting it to a list recommending that other people do it and
it is, at best, unnecessary.  The kernel will load these automatically
if needed.  Furthermore, your distribution is probably configured to
automatically remove unused kernel modules automatically on a regular
basis (Debian certainly is, it would make sense if others did too) in
which case all these unused modules will be removed anyway making you
wonder why you bothered to load them in the first place!

> > Well, I don't really see a reason for it but in some *rare*
> > circumstances a reboot *might* be appropriate.  I suppose if it makes
> > Windows people feel happier about things then it's worth it. :-)
> 
> Like I said, read my qualification. You don't need to reboot to make this
> happen, only if you want to confirm that the commands you placed in you
> relevant rc file will work after a reboot. Most of us are only human and do
> make typos in files and other mistakes etc. The only way to make sure
> something is going to work after a reboot is to do one.

If you run the script which the boot process is also going to run then
rebooting does not do anything different.  Do you reboot if you change
your machine's IP address?  How about if you add a new route?  Do you
log out and in again if you add something to your ~/.profile?  If people
want to reboot their machines every time they breathe then that's their
decision but it seems silly to advocate it to people, particularly
someone who is new to Linux from a Windows background.  It would make
more sense to point out that a reboot is unnecessary and highlight how
Linux is better in this regard.

> My reasonong also is that most "home users" aren't like techs who consider
> days of uptime to be something very important. Rather they shutdown and
> restart there computers in order to save power costs etc. Testing the

In this case there is actually a very good reason why a reboot is
particularly undesired and it's got nothing to do with uptime and
everything to do with saving costs. The instructions you gave are
particularly relevant for home users dialing over a modem.  The user
will probably bring up the modem, run your script and then suddenly
think they have to reboot to use the new setup thus disconnecting their
modem!  Isn't it therefore much better to advocate *not* rebooting in
unnecessary situations?

Regards,

Christian.