Peter:

The point is that you should not be running the script at boot if you want 
to save the rules to /etc/sysconfig/iptables, and then have them loaded at 
boot time.

There is already an init script in /etc/init.d (and linked in the various 
/etc/rc.d/rcX.d directories).

Your best bet is to use your script to generate your firewall, initially, 
and then use the init script to save the rules to /etc/sysconfig/iptables 
by issuing the command "service iptables save".

You can then modify your script when you want to add/remove/modify rules, 
and then try them out by doing, as root:

"service iptables stop ; /path/to/firewall.script"

If the rules didn't work properly, you can then "service iptables restart" 
and your old rules get read back from /etc/sysconfig/iptables.

If the rules do work properly, then you should again "service iptables 
save".

On Tue, 24 Sep 2002, linux power wrote:

> I have not said that the script should be saved in
> /etc/sysconfig/iptables.
> I said I have a script with the rules that saves it in
> that file
> 
>  --- Peter Robb <[EMAIL PROTECTED]> wrote:
> > Yes and no Mike.
> > 
> > > linux power <[EMAIL PROTECTED]> said:
> > > > Why doesn't linux load the /etc/sysconfig/iptables
> > > > file?
> > > > I have a shell script I run with the iptables rules,
> > > > and they are saved in /etc/sysconfig/iptables file.
> > > > But when I restart iptables it doesn't load the file.
> > 
> > The file saved in /etc/sysconfig/iptables isn't a script
> > file. If you try to put a script file there, iptables won't
> > read it.
> > It has its own preferred format, which is what you see
> > after doing the 'service iptables save' command.
> > Any script file (executable) will need to be elsewhere.
> > 
> > Regards,
> > Peter
> > 
> > 
> > ----------  Forwarded Message  ----------
> > 
> > Subject: Re: Fwd: Re: Why doesnt iptables load the /etc/sysconfig/iptables file?
> > Date: Mon, 23 Sep 2002 16:42:56 -0000
> > From: "Mike Burger" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > 
> > What script?  Are you talking about the init script I
> > mentioned, which normally resides in /etc/init.d? If so,
> > then what I said stands...at boot time,
> > /etc/init.d/iptables reads the last saved configuration
> > from /etc/sysconfig/iptables.
> > 
> > Peter Robb <[EMAIL PROTECTED]> said:
> > > Make sure you don't expect BOTH the script and
> > > /etc/sysconfig/iptables to work together.
> > > It will depend on which loads first and what each one
> > > overwrites.
> > > Many scripts flush and delete existing chains... Hmmm?
> > >
> > > Regards,
> > > Peter
> > >
> > > ----------  Forwarded Message  ----------
> > >
> > > Subject: Re: Why doesnt iptables load the /etc/sysconfig/iptables file?
> > > Date: Tue, 17 Sep 2002 17:50:45 -0000
> > > From: "Mike Burger" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > >
> > > How, exactly, are you restarting iptables?
> > >
> > > If you "service iptables start", the init script should
> > > read that /etc/sysconfig/iptables file and implement
> > > that saved configuration.
> > >
> > > linux power <[EMAIL PROTECTED]> said:
> > > > Why doesn't linux load the /etc/sysconfig/iptables
> > > > file?
> > > > I have a shell script I run with the iptables rules,
> > > > and they are saved in /etc/sysconfig/iptables file.
> > > > But when I restart iptables it doesn't load the file.
> > > > The permissions for the file are --rw--r--r
> > > > The permissions were before I changed it --rw-- ---
> > > > I have checked that the rules are not loaded with
> > > > /sbin/iptables -L
> > > > It worked a few days ago. Is it the cron daemon that
> > > > changes the settings?
> > >
> > > --
> > > Mike Burger
> > > http://www.bubbanfriends.org
> > >
> > > Visit the Dog Pound II BBS
> > > telnet://dogpound2.citadel.org, or
> > >  http://dogpound2.citadel.org:2000



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
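
The thread's point that /etc/sysconfig/iptables holds what "service iptables save" writes, not a shell script, can be checked before a file is put there. The following is an added example, not part of the original messages: classify_rules_file is a hypothetical helper, and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a file before it is used as
# /etc/sysconfig/iptables. Prints save-format, script, or invalid.
classify_rules_file() {
    in_table=0 tables=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '#!'*)  # a shebang on line 1 means a shell script, else a comment
                if [ "$lineno" -eq 1 ]; then echo script; return 0; fi ;;
            ''|'#'*) ;;                                   # blank line or comment
            iptables\ *|/*/iptables\ *)                   # a command, not a rule
                echo script; return 0 ;;
            '*'?*)                                        # table header, e.g. *filter
                if [ "$in_table" -eq 1 ]; then echo invalid; return 0; fi
                in_table=1; tables=$((tables + 1)) ;;
            ':'?*|'-A '*|'['*)                            # chain policy or rule
                if [ "$in_table" -eq 0 ]; then echo invalid; return 0; fi ;;
            COMMIT)
                if [ "$in_table" -eq 0 ]; then echo invalid; return 0; fi
                in_table=0 ;;
            *) echo invalid; return 0 ;;
        esac
    done < "$1"
    if [ "$tables" -gt 0 ] && [ "$in_table" -eq 0 ]; then
        echo save-format
    else
        echo invalid                                      # no table or missing COMMIT
    fi
}

# Constructed sample inputs (not taken from the thread).
tmp=$(mktemp -d)
cat > "$tmp/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
printf '#!/bin/sh\n/sbin/iptables -F\n/sbin/iptables -P INPUT DROP\n' > "$tmp/script"
printf '*filter\n:INPUT DROP [0:0]\n-A INPUT -i lo -j ACCEPT\n' > "$tmp/truncated"
for f in saved script truncated; do
    echo "$f: $(classify_rules_file "$tmp/$f")"
done
```

A file that classifies as script is one to keep elsewhere and run by hand; only a save-format file is something the init script can read back at boot.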