Iptables rules #96

Closed
wants to merge 10 commits into from
@mcasdfgf mcasdfgf commented Feb 20, 2020

I think that perhaps such an option would be better.

start:

  • save current iptables rules to file "before_run.iptables"
  • install new rules with tor

stop:

  • restore from file "before_run.iptables"

What do you think about this?

Contributor

bmeneg commented Feb 20, 2020

That's indeed something to think about! But what would happen to the apps that are already running (or not) and rely on the current rules somehow?

For instance, I'm using Fedora and sometimes I use a virtual machine with libvirt + virt-manager, which populated iptables with some specific rules whose roles in the libvirt infrastructure I'm not sure about, but it stopped working after I flushed iptables' rule table.

My main question is: should we care about this side effect on other apps while Nipe is running?
And my first thought is: yes, we should care, basically because some of these apps install iptables rules during system startup, and if the user first calls Nipe and then executes the aforementioned app (the one relying on those iptables rules applied during system startup), it wouldn't work properly because of Nipe. We would receive questions from other communities.

Does my assumption/question make any sense? Or am I overthinking?

@htrgouvea htrgouvea changed the base branch from master to develop February 20, 2020 22:16
@htrgouvea
Owner

I found this idea simply amazing!! Congratulations @mcasdfgf!!!
But I agree with @bmeneguele... We need to mature this idea, decide how much we are willing to endure conflicts with other rules/applications that use iptables.

I confess that when I started to develop Nipe, I did not worry about this type of scenario, so I have no idea how to solve it... Any ideas here are welcome.

@htrgouvea
Owner

@mcasdfgf Whenever you do a PR, use the develop branch ... there are the latest updates. Can you fix these conflicts in the code?

@htrgouvea htrgouvea linked an issue Feb 21, 2020 that may be closed by this pull request
@mcasdfgf
Author

@GouveaHeitor, ok. I will redo...

@mcasdfgf mcasdfgf closed this Feb 21, 2020
@mcasdfgf mcasdfgf deleted the iptables_rules branch February 21, 2020 16:22
Successfully merging this pull request may close these issues.

Conflicting iptables rules
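
The start/stop flow proposed in this thread, combined with the concern about rules that other programs (such as libvirt) install, as an added shell example that is not code from this pull request or from Nipe. `STATE_DIR`, the `IPT_SAVE`/`IPT_RESTORE` overrides and the `install_rules` hook are assumptions of the example. Because `iptables-restore` replaces the contents of each table in the snapshot, `rules_stop` refuses to restore when the ruleset has changed since start unless `--force` is given.

```shell
#!/bin/sh
# Added example, not Nipe's code. STATE_DIR, IPT_SAVE/IPT_RESTORE and the
# install_rules hook are assumptions; the command variables let the logic be
# exercised without root.
STATE_DIR="${STATE_DIR:-/var/lib/nipe-example}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# Strip comment lines (they carry timestamps) and the [packets:bytes] counters
# on chain lines, so two dumps differ only when the rules themselves differ.
normalize() {
    sed -e '/^#/d' -e 's/^\(:.*\) \[[0-9]*:[0-9]*]$/\1/'
}

# start: snapshot the existing ruleset, install ours, record the result.
# Returns 0 on success, 1 on failure, 2 if a snapshot already exists.
rules_start() {
    snap="$STATE_DIR/before_run.iptables"
    ( umask 077; mkdir -p "$STATE_DIR" ) || return 1
    [ -e "$snap" ] && return 2          # never overwrite the first snapshot
    ( umask 077; "$IPT_SAVE" > "$snap.tmp" ) && mv "$snap.tmp" "$snap" || return 1
    if ! install_rules; then            # roll back a half-applied ruleset
        "$IPT_RESTORE" < "$snap"; rm -f "$snap"
        return 1
    fi
    "$IPT_SAVE" | normalize > "$STATE_DIR/after_install.iptables"
}

# stop: put the snapshot back. Returns 2 if there is no snapshot and 3 if the
# live ruleset no longer matches what start recorded (another program added or
# removed rules); pass --force to restore anyway and discard those changes.
rules_stop() {
    snap="$STATE_DIR/before_run.iptables"
    [ -s "$snap" ] || return 2
    if ! "$IPT_SAVE" | normalize | cmp -s - "$STATE_DIR/after_install.iptables"; then
        [ "${1:-}" = "--force" ] || return 3
    fi
    "$IPT_RESTORE" < "$snap" || return 1
    rm -f "$snap" "$STATE_DIR/after_install.iptables"
}
```

The functions are meant to be sourced by a wrapper that defines `install_rules`; exit status 3 from `rules_stop` is the signal to inspect the live rules before deciding to force the restore.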