Because then, the iptables system would not load /etc/sysconfig/iptables at boot. However, the original poster wants the system to load that file at boot, which is accomplished by the normal startup of iptables from the normal init script.
On 24 Sep 2002, Richie Crews wrote:

> Why don't you do a "chkconfig --level 2345 iptables off"? This should
> remove all instances of the startup of iptables.
>
> On Tue, 2002-09-24 at 08:12, Mike Burger wrote:
> > Peter:
> >
> > The point is that you should not be running the script at boot if you want
> > to save the rules to /etc/sysconfig/iptables, and then have them loaded at
> > boot time.
> >
> > There is already an init script in /etc/init.d (and linked in the various
> > /etc/rc.d/rcX.d directories).
> >
> > Your best bet is to use your script to generate your firewall, initially,
> > and then use the init script to save the rules to /etc/sysconfig/iptables
> > by issuing the command "service iptables save".
> >
> > You can then modify your script when you want to add/remove/modify rules,
> > and then try them out by doing, as root:
> >
> > "service iptables stop ; /path/to/firewall.script"
> >
> > If the rules didn't work properly, you can then "service iptables restart"
> > and your old rules get read back from /etc/sysconfig/iptables.
> >
> > If the rules do work properly, then you should again "service iptables
> > save".
> >
> > On Tue, 24 Sep 2002, linux power wrote:
> >
> > > I have not said that the script should be saved in
> > > /etc/sysconfig/iptables.
> > > I said I have a script with the rules that saves it in
> > > that file
> > >
> > > --- Peter Robb <[EMAIL PROTECTED]> wrote:
> > > > Yes and no Mike.
> > > >
> > > > linux power <[EMAIL PROTECTED]> said:
> > > > > > Why doesn't linux load the /etc/sysconfig/iptables file?
> > > > > > I have a shell script I run with the iptables rules,
> > > > > > and they are saved in /etc/sysconfig/iptables file.
> > > > > > But when I restart iptables it don't load the file.
> > > >
> > > > The file saved in /etc/sysconfig/iptables isn't a script
> > > > file. If you try to put a script file there, iptables won't
> > > > read it.
> > > > It has its own preferred format, which is what you see
> > > > after doing the 'service iptables save' command.
> > > > Any script file (executable) will need to be elsewhere.
> > > >
> > > > Regards,
> > > > Peter
> > > >
> > > > ---------- Forwarded Message ----------
> > > >
> > > > Subject: Re: Fwd: Re: Why doesnt iptables load the
> > > > /etc/sysconfig/iptables file?
> > > > Date: Mon, 23 Sep 2002 16:42:56 -0000
> > > > From: "Mike Burger" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > >
> > > > What script? Are you talking about the init script I
> > > > mentioned, which normally resides in /etc/init.d? If so,
> > > > then what I said stands...at boot time,
> > > > /etc/init.d/iptables reads the last saved configuration
> > > > from /etc/sysconfig/iptables.
> > > >
> > > > Peter Robb <[EMAIL PROTECTED]> said:
> > > > > Make sure you don't expect BOTH the script and
> > > > > /etc/sysconfig/iptables to work together.
> > > > > It will depend on which loads first and what each one
> > > > > overwrites.
> > > > > Many scripts flush and delete existing chains... Hmmm?
> > > > >
> > > > > Regards,
> > > > > Peter
> > > > >
> > > > > ---------- Forwarded Message ----------
> > > > >
> > > > > Subject: Re: Why doesnt iptables load the
> > > > > /etc/sysconfig/iptables file?
> > > > > Date: Tue, 17 Sep 2002 17:50:45 -0000
> > > > > From: "Mike Burger" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > >
> > > > > How, exactly, are you restarting iptables?
> > > > >
> > > > > If you "service iptables start", the init script should
> > > > > read that /etc/sysconfig/iptables file and implement
> > > > > that saved configuration.
> > > > >
> > > > > linux power <[EMAIL PROTECTED]> said:
> > > > > > Why doesn't linux load the /etc/sysconfig/iptables file?
> > > > > > I have a shell script I run with the iptables rules,
> > > > > > and they are saved in /etc/sysconfig/iptables file.
> > > > > > But when I restart iptables it don't load the file.
> > > > > > The permissions for the file is --rw--r--r
> > > > > > The permissions was before I changed it --rw-- ---
> > > > > > I have checked that the rules are not loaded with
> > > > > > /sbin/iptables -L
> > > > > > It worked a few days ago. Is it the cron daemon that
> > > > > > change the settings.
> > > > >
> > > > > --
> > > > > Mike Burger
> > > > > http://www.bubbanfriends.org
> > > > >
> > > > > Visit the Dog Pound II BBS
> > > > > telnet://dogpound2.citadel.org, or
> > > > > http://dogpound2.citadel.org:2000
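
The distinction drawn in the thread, that /etc/sysconfig/iptables must hold the saved rule format and not a firewall script, can be checked mechanically. The following is an added example, not part of the original thread or of the Red Hat init script; the function name `classify_rules_file` and both sample files are constructed for illustration, and the saved format assumed is the table/chain/rule/COMMIT layout written by iptables-save.

```shell
#!/bin/sh
# Added example: classify_rules_file FILE prints saved-format, shell-script
# or unknown. Function and sample names are constructed for illustration.
classify_rules_file() {
    awk '
        /^[ \t]*$/ { next }                              # blank line
        NR == 1 && /^#!/ { script = 1; exit }            # shebang
        /^[ \t]*([^ \t]*\/)?iptables[ \t]/ { script = 1; exit }  # iptables call
        /^#/ { next }                                    # comment
        /^\*[a-z]+$/ { if (intable) { bad = 1; exit }    # table header
                       intable = 1; tables++; next }
        !intable { bad = 1; exit }                       # content outside a table
        /^:[A-Za-z0-9_-]+ (ACCEPT|DROP|QUEUE|RETURN|-) \[[0-9]+:[0-9]+\]$/ { next }
        /^(\[[0-9]+:[0-9]+\] )?-A [^ ]+/ { next }        # appended rule
        /^COMMIT$/ { intable = 0; commits++; next }      # table footer
        { bad = 1; exit }                                # anything else
        END {
            if (script) print "shell-script"
            else if (!bad && tables > 0 && !intable && tables == commits)
                print "saved-format"
            else print "unknown"
        }
    ' "$1"
}

# Constructed sample in the format that "service iptables save" writes.
write_sample_saved() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed sample of a firewall shell script.
write_sample_script() {
    printf '%s\n' '#!/bin/sh' '/sbin/iptables -F' \
        '/sbin/iptables -P INPUT DROP' > "$1"
}

tmp=$(mktemp -d)
write_sample_saved "$tmp/saved"; write_sample_script "$tmp/script"
for f in saved script; do
    printf '%s: %s\n' "$f" "$(classify_rules_file "$tmp/$f")"
done
rm -rf "$tmp"
```

A result of `unknown` covers a saved file that was truncated before its COMMIT line as well as scripts that call iptables through a variable.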