** Reply to message from Peter Robb <[EMAIL PROTECTED]> on Tue, 24 Sep 2002 12:06:46 +0200
> Yes and no Mike.
>
> > linux power <[EMAIL PROTECTED]> said:
> > > Why doesn't linux load the /etc/sysconfig/iptables
> > > file?
> > > I have a shell script I run with the iptables rules,
> > > and they are saved in /etc/sysconfig/iptables file.
> > > But when I restart iptables it doesn't load the file.
>
> The file saved in /etc/sysconfig/iptables isn't a script
> file. If you try to put a script file there, iptables won't
> read it.
> It has its own preferred format, which is what you see
> after doing the 'service iptables save' command.
> Any script file (executable) will need to be elsewhere.

<snip>

Yep, and don't blame RH for the format; this is the work of the iptables/netfilter team.

The preferred way to handle this is to write your script; test and tune it; then when you have everything the way you want it, save it to /etc/sysconfig/iptables by issuing the

    /sbin/service iptables save

which invokes the /sbin/iptables-save command. Then activate this ruleset via:

    /sbin/service iptables start

To ensure the newly saved rules are invoked on bootup, set up the initscript links with:

    /sbin/chkconfig iptables on

So in summary, you make any ruleset changes using your shell script, then load those changes with "iptables save".

If you do not want to use the "iptables save" method, then just invoke your own shell script and turn off the iptables service and the iptables initscript links. But you shouldn't use them both simultaneously since there could likely be an untimely flushing and clearing of tables you weren't expecting.

jb
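
The distinction drawn in this thread, as an added example that is not part of the original messages: a shell function that reports whether a file is in the format written by iptables-save or is a shell script of iptables commands. The sample rulesets, the function name classify_ruleset and the line patterns are constructed for illustration; a script without a shebang that calls iptables only through a variable is reported as unknown.

```shell
#!/bin/sh
# Added example: tell an iptables-save ruleset apart from a shell script.

# Constructed sample: what "service iptables save" leaves on disk.
sample_saved() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same policy written as a shell script.
sample_script() {
cat <<'EOF'
#!/bin/sh
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# classify_ruleset FILE: prints iptables-save, shell-script or unknown.
classify_ruleset() {
    awk '
        NR == 1 && /^#!/                   { script = 1; next }  # shebang
        /^[ \t]*$/ || /^#/                 { next }              # blank or comment
        /^\*[a-z]+$/                       { if (in_table) bad++; in_table = 1; tables++; next }
        /^:[^ ]+ [^ ]+ \[[0-9]+:[0-9]+\]$/ { if (!in_table) bad++; next }  # chain policy
        /^(\[[0-9]+:[0-9]+\] )?-A /        { if (!in_table) bad++; next }  # rule
        /^COMMIT$/                         { if (!in_table) bad++; in_table = 0; commits++; next }
        $0 ~ "(^|[ \t/])iptables[ \t]"     { script = 1; next }  # iptables command line
                                           { bad++ }
        END {
            if (script) print "shell-script"
            else if (tables > 0 && tables == commits && !bad) print "iptables-save"
            else print "unknown"
        }' "$1"
}

# Stand-alone use: pass the file to check as the first argument.
if [ $# -gt 0 ]; then classify_ruleset "$1"; fi
```

A saved file that has lost its final COMMIT line is reported as unknown rather than iptables-save, which is the case to look for when a saved ruleset does not load.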