Peter: The point is that you should not be running the script at boot if you want to save the rules to /etc/sysconfig/iptables, and then have them loaded at boot time.

There is already an init script in /etc/init.d (and linked in the various /etc/rc.d/rcX.d directories).

Your best bet is to use your script to generate your firewall, initially, and then use the init script to save the rules to /etc/sysconfig/iptables by issuing the command "service iptables save".

You can then modify your script when you want to add/remove/modify rules, and then try them out by doing, as root: "service iptables stop ; /path/to/firewall.script".

If the rules didn't work properly, you can then "service iptables restart" and your old rules get read back from /etc/sysconfig/iptables.

If the rules do work properly, then you should again "service iptables save".

On Tue, 24 Sep 2002, linux power wrote:

> I have not said that the script should be saved in /etc/sysconfig/iptables.
> I said I have a script with the rules that saves it in that file
>
> --- Peter Robb <[EMAIL PROTECTED]> wrote:
> > Yes and no Mike.
> >
> > > linux power <[EMAIL PROTECTED]> said:
> > > > Why doesn't linux load the /etc/sysconfig/iptables file?
> > > > I have a shell script I run with the iptables rules,
> > > > and they are saved in /etc/sysconfig/iptables file.
> > > > But when I restart iptables it doesn't load the file.
> >
> > The file saved in /etc/sysconfig/iptables isn't a script file.
> > If you try to put a script file there, iptables won't read it.
> > It has its own preferred format, which is what you see
> > after doing the 'service iptables save' command.
> > Any script file (executable) will need to be elsewhere.
> >
> > Regards,
> > Peter
> >
> > ---------- Forwarded Message ----------
> >
> > Subject: Re: Fwd: Re: Why doesnt iptables load the /etc/sysconfig/iptables file?
> > Date: Mon, 23 Sep 2002 16:42:56 -0000
> > From: "Mike Burger" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> >
> > What script? Are you talking about the init script I
> > mentioned, which normally resides in /etc/init.d?
> > If so, then what I said stands...at boot time,
> > /etc/init.d/iptables reads the last saved configuration
> > from /etc/sysconfig/iptables.
> >
> > Peter Robb <[EMAIL PROTECTED]> said:
> > > Make sure you don't expect BOTH the script and
> > > /etc/sysconfig/iptables to work together.
> > > It will depend on which loads first and what each one overwrites.
> > > Many scripts flush and delete existing chains... Hmmm?
> > >
> > > Regards,
> > > Peter
> > >
> > > ---------- Forwarded Message ----------
> > >
> > > Subject: Re: Why doesnt iptables load the /etc/sysconfig/iptables file?
> > > Date: Tue, 17 Sep 2002 17:50:45 -0000
> > > From: "Mike Burger" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > >
> > > How, exactly, are you restarting iptables?
> > >
> > > If you "service iptables start", the init script should
> > > read that /etc/sysconfig/iptables file and implement
> > > that saved configuration.
> > >
> > > linux power <[EMAIL PROTECTED]> said:
> > > > Why doesn't linux load the /etc/sysconfig/iptables file?
> > > > I have a shell script I run with the iptables rules,
> > > > and they are saved in /etc/sysconfig/iptables file.
> > > > But when I restart iptables it doesn't load the file.
> > > > The permissions for the file is --rw--r--r
> > > > The permissions was before I changed it --rw-- ---
> > > > I have checked that the rules are not loaded with
> > > > /sbin/iptables -L
> > > > It worked a few days ago. Is it the cron daemon that
> > > > changes the settings?

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
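
The try-then-save procedure from the reply at the top of this thread, together with a check for the saved-file format Peter describes, written here as an added example that is not part of the original messages. The `service iptables stop`, `save` and `restart` commands and the `/etc/sysconfig/iptables` path come from the thread; `SERVICE_CMD`, `RULES_FILE`, `is_save_format`, `confirm_tty` and `try_rules` are names assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): try a firewall script and keep it only
# if confirmed. SERVICE_CMD, RULES_FILE and the function names are assumed.
SERVICE_CMD=${SERVICE_CMD:-service}              # overridable for dry runs
RULES_FILE=${RULES_FILE:-/etc/sysconfig/iptables}

# 0 if $1 looks like "service iptables save" output rather than a shell script:
# no "#!" first line, no iptables command lines, a "*table" line and a COMMIT.
is_save_format() {
    [ -r "$1" ] || return 1
    if head -n 1 "$1" | grep -q '^#!'; then return 1; fi
    if grep -Eq '^[[:space:]]*(/sbin/)?iptables[[:space:]]' "$1"; then return 1; fi
    grep -q '^\*[a-z]' "$1" && grep -q '^COMMIT' "$1"
}

# Ask on the terminal; anything but "y" (or EOF) means roll back.
# Run from a local console: rules that cut your own session cannot be confirmed.
confirm_tty() {
    printf 'New rules loaded. Keep them? [y/N] '
    read -r answer && [ "$answer" = y ]
}

# try_rules SCRIPT CONFIRM
# 0 = new rules saved, 1 = rolled back to the saved rules,
# 2 = service command failed, 3 = saved file is not in save format.
try_rules() {
    script=$1; confirm=$2
    "$SERVICE_CMD" iptables stop || return 2
    if "$script" && "$confirm"; then
        "$SERVICE_CMD" iptables save || return 2
        is_save_format "$RULES_FILE" || return 3
        return 0
    fi
    "$SERVICE_CMD" iptables restart || return 2   # reload the last saved rules
    return 1
}

# Usage (as root): sh try-firewall.sh /path/to/firewall.script
if [ "$#" -eq 1 ]; then
    try_rules "$1" confirm_tty
    exit $?
fi
```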