[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: iptables

From: "C. Linus Hicks" <lhicks nc rr com>
To: redhat-list redhat com
Subject: Re: iptables
Date: Wed Jul 31 22:08:19 2002

On Wed, 2002-07-31 at 16:33, Anthony E. Greene wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 31-Jul-2002/13:06 -0400, "C. Linus Hicks" <lhicks nc rr com> wrote:
> >I took a somewhat heavy handed approach to this. I modified the iptables
> >script in /etc/init.d to check for the existence of a shell script I
> >wrote to set the rules, and if it exists, run that rather than applying
> >the saved rules. Please note that modifications such as this will more
> >than likely get lost the next time you upgrade. It is also susceptible
> >to updates like initscripts.
> 
> This is why I generally recommend creating a shell script that creates all
> firewall rules, then saves them using "service iptables save". You update
> the script, run it, and the changes are made and saved. The next time you
> reboot and/or restart iptables, the changes created by the custom shell
> script are re-applied as part of the normal initscript process. 

That doesn't solve the problem when the act of booting may cause a new
IP address to be assigned.

Linus

Follow-Ups:
- Re: iptables
  - From: Anthony E. Greene
- Re: iptables
  - From: Jason Costomiris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]