On 7/5/06, James <[EMAIL PROTECTED]> wrote:

> 1) /etc/init.d/iptables save

> This will work if one loads the rules manually at the command line.
> Where do I put a script of iptables commands, so it is read, the
> rule sets generated and then saved into /var/lib/iptables/rules-save?

Anywhere you like.  All that matters is that you run it so your
iptables are set up like you want, then run "/etc/init.d/iptables save"
followed by "rc-update -a iptables default".

> After that if I want to modify the rules, I edit my script, run
> my script manually, then issue:
> "iptables-save > /var/lib/iptables/rules-save"

No, "/etc/init.d/iptables save" is the better choice.  The file might
move, or the format change, or something similar.

> If I want to then test the rules, without rebooting, I issue:
>
> /etc/init.d/iptables stop
> /etc/init.d/iptables start

Not necessary.  After running your script, the tables will be set up
according to the script, and you can test away.  You probably want
your script to have the following at the top:

iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

This flushes all rules, and resets the default policies, so that only
the rules that you specify later take effect.  Very useful for
clearing out old artifacts of stuff...

> What I'm looking for is the series of steps to
> 1. Where best to locate my script?

Mine is in ~/bin/.

> 2. Insert (new) commands into the script.

$EDITOR

> 3. convert new scripted commands into rulesets
> 4. Load rulesets into the /var/lib/iptables/rules-save

Don't do this. Run your script, and let "/etc/init.d/iptables save" do
the work for you.

> 5.  Restart the iptables/netfilter firewall

If you flush/reset like I describe above, this is not necessary, just
run your script.

> If what I work above [A] is correct then I just need some suggestions
> as to where the script should be located under /etc/, for
> consistency with gentoo mindsets.

You can put it anywhere you like.  I prefer ~/bin/ since there I know
it is *not* something that Gentoo created.

-Richard
--
gentoo-user@gentoo.org mailing list
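The workflow Richard describes (flush and reset policies at the top of the script, add the rules, run the script, then let "/etc/init.d/iptables save" and rc-update do the rest), written out as one script. This is an added example for this page, not a script posted in the thread and not part of Gentoo's own init scripts. The SSH port, the trusted LAN range and the `rc-update add` spelling are assumptions; the `show` mode substitutes `echo` for the iptables binary so the command list can be inspected without root. One caveat worth adding to the reply above: between the flush and the first ACCEPT rules the host is briefly wide open, since the policies are reset to ACCEPT first, so the script switches INPUT to DROP only after the loopback, ESTABLISHED and ssh rules are in place (doing it the other way round locks out the ssh session running the script). Note also that a plain `iptables -F` only flushes the filter table; the example flushes nat and mangle too, and deletes user-defined chains with `-X`, so old artifacts from earlier runs do not survive.

```shell
#!/bin/sh
# firewall.sh -- example iptables rule script kept in ~/bin (added example,
# not from the mailing-list thread). Usage:
#   sh firewall.sh show   # print the iptables commands instead of running them
#   sh firewall.sh apply  # reset the tables and load the rules (needs root)
#   sh firewall.sh save   # apply, then persist via the Gentoo init script
#
# IPTABLES can be overridden (e.g. IPTABLES=echo) for a dry run.
IPTABLES="${IPTABLES:-iptables}"
SSH_PORT="${SSH_PORT:-22}"          # assumption: sshd listens on port 22
LAN="${LAN:-192.168.1.0/24}"        # assumption: trusted LAN range

# Flush everything and reset the default policies, as the reply suggests,
# so that only the rules below end up in effect. -X also removes
# user-defined chains that -F leaves behind; nat and mangle are flushed
# too so stale NAT entries do not survive a re-run.
reset_tables() {
    for table in filter nat mangle; do
        "$IPTABLES" -t "$table" -F
        "$IPTABLES" -t "$table" -X
    done
    "$IPTABLES" -P INPUT ACCEPT
    "$IPTABLES" -P OUTPUT ACCEPT
    "$IPTABLES" -P FORWARD DROP
}

# The rule set itself. INPUT is switched to DROP only after the loopback,
# ESTABLISHED and ssh rules exist, so an ssh session running the script
# is not cut off.
apply_rules() {
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPTABLES" -A INPUT -p tcp --dport "$SSH_PORT" -s "$LAN" -j ACCEPT
    "$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    "$IPTABLES" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
    "$IPTABLES" -P INPUT DROP
}

# Reset, then load: this is all "testing the rules" needs, no stop/start.
load_firewall() {
    reset_tables
    apply_rules
}

# Persist the live tables the Gentoo way (the init script writes
# /var/lib/iptables/rules-save itself) and put the service in the
# default runlevel. "rc-update add" is the newer spelling of "rc-update -a".
save_firewall() {
    load_firewall
    /etc/init.d/iptables save
    rc-update add iptables default
}

# Number of -A rules the script would load; a cheap sanity check that the
# rule list has not been truncated by an editing mistake.
rule_count() {
    ( IPTABLES=echo; load_firewall ) | grep -c -- '^-A '
}

case "${1:-}" in
    show)  ( IPTABLES=echo; load_firewall ) ;;
    apply) load_firewall ;;
    save)  save_firewall ;;
    *)     echo "usage: $0 show|apply|save" ;;
esac
```

Run `sh ~/bin/firewall.sh show` first to read the exact commands that will be issued, then `apply` as root over a LAN ssh session; if you can still type after it returns, run `save`. Editing the rules later is the same loop: edit, `apply`, `save`, with no stop/start of the init script in between.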
