Hello Bill,

>>
> The easiest way to do this is to put all the commands in a shell script you
> run out of the run levels you want. Not that you can't hack scripts and save
> iptables, and do wonderful stuff, but a shell script has a nice provision
> for comments so you can see what you are doing, it does one thing at a time
> so it's easier to figure out what didn't work, and you can use your favorite
> version control system to track what you do.

Thank you. I have done a little research and I have noticed
/etc/sysconfig/network-scripts/ifup-routes, which seems to use the
route-$IFNAME and rule-$IFNAME files, passing lines to the ip command.
Maybe I can try a little game in this area.

>
> Also, unless you have nothing but machines and people you trust on all these
> little subnets, have the external ISP connections on NICs not reachable from
> the private machines without going through your firewall. Having had a 12
> year old tell me "Oh I read the man page and changed the netmask" was a
> revelation. Unless people are totally trusted and really competent, assume
> they will (maybe by accident) do something you don't want. Also, packets
> from the ISP in eth0.8 can physically reach the subnets (unless you have
> VLAN switches or similar).

Yes, I am using VLAN switches, so subnets cannot be physically reached when
a 255.255.0.0 netmask is used.

Thank you and Best Regards,
David Hlacik

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines