> > I use in Seawolf
> > # iptables-save > /etc/sysconfig/iptables
> > # chmod go-r /etc/sysconfig/iptables
> >
> > but this only saves iptables commands
>
> Ok, I take it this means that if I were to issue a series of iptables commands at the prompt, then I could flush those rules that were loaded to the /etc/sysconfig/iptables file, correct?

Yes. The easiest way to do that is "service iptables save", which will execute iptables-save for you. There seem to be a few bugs, at least in the version I use (iptables-1.2.1a-1), so you might want to do "service iptables restart" to verify that it succeeded in saving the changes.

What I've found is that when using MASQUERADE with a port it will save

    [0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE 6118

instead of

    [0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE --to-ports 6118

It also adds extra quotes to --log-prefix every time I load and save the file.

It might be safer to just edit /etc/sysconfig/iptables yourself. It's mostly just a list of iptables commands plus saved statistics for the chains. If you save it once you'll see what it's supposed to look like.

Andreas
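
A check for the two save defects described in the message above, as an added example that is not part of the original thread. The function name, the LOG sample lines and the exact shape of the doubled quotes are assumptions; the two MASQUERADE lines are the ones quoted in the message.

```python
import re

# Constructed sample in iptables-save format. The MASQUERADE lines come from
# the message; the LOG lines are made up to illustrate the quoting defect.
SAMPLE = '''\
*nat
:extpostroute - [0:0]
[0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE 6118
[0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE --to-ports 6118
COMMIT
*filter
:INPUT ACCEPT [0:0]
[0:0] -A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix ""telnet: ""
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "ssh: "
COMMIT
'''

# A bare token after "-j MASQUERADE" means the option name was dropped on save.
BARE_MASQ_ARG = re.compile(r'-j MASQUERADE\s+(?!-)(\S+)')
# Two or more opening quotes (optionally backslash-escaped) before the prefix
# text; assumed shape of the "extra quotes" defect. An empty "" is not flagged.
DOUBLED_QUOTE = re.compile(r'--log-prefix\s+(?:\\?"){2,}(?=[^"\s])')


def lint_saved_rules(text):
    """Return (line number, finding, detail) tuples for suspect rule lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Skip comments, table headers (*nat), chain policies (:CHAIN), COMMIT.
        if not line or line[0] in '#*:' or line == 'COMMIT':
            continue
        match = BARE_MASQ_ARG.search(line)
        if match:
            findings.append((lineno, 'masquerade-missing-to-ports', match.group(1)))
        if DOUBLED_QUOTE.search(line):
            findings.append((lineno, 'log-prefix-extra-quotes', line))
    return findings


if __name__ == '__main__':
    for lineno, kind, detail in lint_saved_rules(SAMPLE):
        print(f'line {lineno}: {kind}: {detail}')
```

Running it against the contents of /etc/sysconfig/iptables after each save shows whether the file still matches the rules that were typed at the prompt.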