[WBEL-users] iptables - where and how to insert the rules ?

Kirby C. Bohling kbohling@birddog.com
Fri, 3 Dec 2004 12:18:19 -0600


On Fri, Dec 03, 2004 at 06:02:07PM +0000, Mário Gamito wrote:
> Hi,
> 
> Thank you for your answer.
> 
> I did what you told me.
> Now... where are the rules saved ?

Look here:

/etc/sysconfig/iptables-config

That is the config file.  I figured that out by reading:
/etc/init.d/iptables

That is in iptables dump format like the other person described.

Looking at the /etc/init.d/iptables script, it sure looks like you
could put an honest to goodness shell script in
/etc/sysconfig/iptables and have it run.  It looks like you could
set environment variables and other things to affect this script.
I'm not sure what its documented purpose is, but it sure looks like
this line right here:

[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"

will source the /etc/sysconfig/iptables file.

My guess is that the real purpose of that file is that if you want
all modifications to be saved automatically you can add:

IPTABLES_SAVE_ON_STOP="yes"

to /etc/sysconfig/iptables and then changes will automatically be
saved (I'd never ever do that, but my guess is that that is its purpose).
That environment variable is examined when:

# service iptables stop

is run.

	Thanks,
		Kirby


> 
> Thank you.
> 
> Warm Regards,
> Mário Gamito
> 
> Kirby C. Bohling wrote:
> >On Fri, Dec 03, 2004 at 12:07:01PM +0000, Mário Gamito wrote:
> >
> >>Hi,
> >>
> >>I'm currently running a development server based on WBEL, with a few 
> >>iptables rules, because I don't want anyone except the development team 
> >>to access it.
> >>
> >>Well, I have this executable, rc.firewall in /etc, being called from 
> >>/etc/rc.local
> >>
> >>I believe this is not the right thing (TM) to do, although it works.
> >>
> >>From what I saw in iptables ctl, the rules should be in 
> >>/etc/sysconfig/iptables, right ?
> >>But when I insert them in that file, I always get an error from 
> >>"/etc/init.d/iptables start", saying it doesn't recognize the text.
> >>
> >>Any help about how it should be done ?
> >>
> >
> >
> >At the end of this thread you get pointed in the right general
> >direction.  The easiest way to deal with this is to set the firewall
> >rules exactly the way you want them.  Then run:
> >
> ># service iptables save
> ># chkconfig iptables on
> >
> >(remove rc.firewall from rc.local)
> >
> >Now reboot.  You should see that everything is configured exactly
> >the way you had it before.
> >
> >	Thanks,
> >		Kirby
> >
> >_______________________________________________
> >Whitebox-users mailing list
> >Whitebox-users@beau.org
> >http://beau.org/mailman/listinfo/whitebox-users
> 
> 
> -- 
> Mário Gamito
> Systems administration and development
> Netual - Multimédia e Telecomunicações, Lda.
> Rua João Afonso, Nº1
> 3800-198 Aveiro - Portugal
> Tel. +351 234 371 431 / Fax. +351 234 371 438
> E-mail: gamito@netual.pt
> www.netual.pt
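The error Mário hit ("doesn't recognize the text") comes from putting plain `iptables ...` shell commands into /etc/sysconfig/iptables, which the init script feeds to iptables-restore and which therefore has to be in iptables-save dump format. The following is an added example, not code from this thread or from the WBEL/Red Hat init scripts: a small POSIX sh script that converts an rc.firewall-style list of `iptables` commands into that dump format (so it can be reviewed before replacing `service iptables save`), and a second function that reads the IPTABLES_SAVE_ON_STOP setting as text rather than sourcing the config file the way `/etc/init.d/iptables` does. The function names `rc_to_save` and `save_on_stop_enabled` are hypothetical, and the converter assumes the script uses `-P`, `-N`, `-A` and `-I` without explicit `-I CHAIN N` positions; `-F`, `-X` and `-Z` lines are dropped because a restore starts from empty tables.

```shell
#!/bin/sh
# Added example, not from the list thread. Converts "iptables ..." command lines
# into the iptables-save format that /etc/init.d/iptables restores, and checks
# IPTABLES_SAVE_ON_STOP without executing the config file. Function names are
# hypothetical; -I is treated as "insert at the head of the chain" (no position).

rc_to_save() {
  awk '
  # Remember each chain per table in first-seen order so it gets a ":NAME POLICY [0:0]" header.
  function note_chain(t, c) {
    if (!((t, c) in known)) { known[t, c] = 1; order[t] = order[t] " " c }
  }
  # Only lines that invoke iptables (bare or with a path) carry rules; shell logic is skipped.
  $1 !~ /(^|\/)iptables$/ { next }
  {
    t = "filter"; i = 2
    if ($i == "-t") { t = $(i + 1); i += 2 }
    op = $i; c = $(i + 1); rest = ""
    for (k = i + 2; k <= NF; k++) rest = rest (rest == "" ? "" : " ") $k
    seen[t] = 1
    if (op == "-P")      { note_chain(t, c); policy[t, c] = rest }
    else if (op == "-N") { note_chain(t, c); custom[t, c] = 1 }
    else if (op == "-A") { note_chain(t, c); rules[t] = rules[t] "-A " c " " rest "\n" }
    # -I without a position means first in the chain, so it goes ahead of everything so far.
    else if (op == "-I") { note_chain(t, c); rules[t] = "-A " c " " rest "\n" rules[t] }
    # -F, -X and -Z are ignored: iptables-restore starts from empty tables anyway.
  }
  END {
    split("filter nat mangle raw", tables, " ")
    for (n = 1; n <= 4; n++) {
      t = tables[n]
      if (!(t in seen)) continue
      print "*" t
      m = split(order[t], cs, " ")
      for (j = 1; j <= m; j++) {
        c = cs[j]
        # Chains created with -N get "-" (no policy); built-in chains default to ACCEPT
        # unless the script set one explicitly with -P.
        if ((t, c) in custom) p = "-"
        else if ((t, c) in policy) p = policy[t, c]
        else p = "ACCEPT"
        print ":" c " " p " [0:0]"
      }
      printf "%s", rules[t]
      print "COMMIT"
    }
  }' "$@"
}

save_on_stop_enabled() {
  # /etc/init.d/iptables sources its config file, which executes whatever it contains.
  # A checker should read the setting as text instead; the last assignment wins,
  # exactly as it would when sourced. Returns 0 when the value is "yes".
  val=$(sed -n 's/^[[:space:]]*IPTABLES_SAVE_ON_STOP=\([^#]*\).*/\1/p' "$1" \
        | tail -n 1 | tr -d "\"' ")
  [ "$val" = "yes" ]
}

# Usage (paths as on a WBEL/Red Hat system):
#   rc_to_save /etc/rc.firewall > /tmp/iptables.new   # review, then copy to /etc/sysconfig/iptables
#   save_on_stop_enabled /etc/sysconfig/iptables-config && echo "rules are saved on stop"
```

Review the generated dump before installing it: the converter emits only the chains your script mentions, so a built-in chain you never touched keeps its default ACCEPT policy, and any quoting or shell variables in the original script are copied through verbatim rather than expanded.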