In /etc/rc.d, there are startup scripts for both iptables and ipchains : 

S08ipchains
S08iptables

Each of these seems to get its configuration information from
the following files respectively, if they exist :

/etc/sysconfig/ipchains
/etc/sysconfig/iptables

The first file /etc/sysconfig/ipchains is created/updated 
automatically by lokkit.  However, I am quickly finding that
lokkit can only provide the most simple of rules. For greater 
flexibility (e.g. specifying source addresses), I'm having to
append my own rules (i.e. ipchains -A input ....).

In order for my rules to be started at startup time, I could
manually edit /etc/sysconfig/ipchains but that's not ideal
b/c my changes would be overwritten next time lokkit is run.

Seems like I should therefore : 

1. Delete /etc/sysconfig/ipchains

2. Remember not to use lokkit any more (or else /etc/sysconfig/ipchains 
   will be recreated)

3. /sbin/ipchains-save > /etc/ipchains.rules

4. Create a new startup script such as /etc/rc.d/S08myipchains 
   which simply does the following : 
   #!/bin/sh
   ipchains-restore < /etc/ipchains.rules

OR : 

1. Simply /sbin/ipchains-save > /etc/sysconfig/ipchains

2. Disable the lokkit program.

Is this the correct procedure ? 

Thanks in advance,

chas
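
Added example (not part of the original post, and not Red Hat's own init script): a version of the startup script from step 4 that refuses to load the rules file unless it is a plain, non-empty file owned by root and not writable by group or other, since its contents are applied as root at every boot. RESTORE_CMD and OWNER_UID are hypothetical variables introduced here, and the /sbin/ipchains-restore path is assumed from the /sbin/ipchains-save path in the post.

```shell
#!/bin/sh
# Added example: boot-time restore of saved ipchains rules with sanity checks.
# RULES follows the post; RESTORE_CMD and OWNER_UID are hypothetical knobs
# introduced here so the checks can be exercised away from the firewall host.
RULES=${RULES:-/etc/ipchains.rules}
RESTORE_CMD=${RESTORE_CMD:-/sbin/ipchains-restore}   # assumed install path
OWNER_UID=${OWNER_UID:-0}                            # expected owner: root

# Return 0 only if the file is a plain, non-empty file (not a symlink),
# owned by the expected uid, and not writable by group or other.
rules_file_is_safe() {
    f=$1
    [ -L "$f" ] && return 1
    [ -f "$f" ] && [ -s "$f" ] || return 1
    # ls -ldn prints the mode string first and the numeric uid third
    set -- $(ls -ldn "$f")
    mode=$1 uid=$3
    [ "$uid" = "$OWNER_UID" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Feed the saved rules to the restore command, or refuse and report why.
restore_rules() {
    if rules_file_is_safe "$RULES"; then
        "$RESTORE_CMD" < "$RULES"
    else
        echo "refusing to load $RULES: missing, empty, wrong owner or writable by others" >&2
        return 1
    fi
}

# Only act when called the way an rc script is: "S08myipchains start"
case ${1:-} in
    start) restore_rules ;;
esac
```

Because ipchains-save writes through a shell redirect, the rules file gets whatever mode the current umask allows; running chmod 600 on it after saving keeps it within what this check accepts.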

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
