iptables restart

Sean Estabrooks seanlkml at sympatico.ca
Sat Jun 12 03:44:14 UTC 2004


On Fri, 11 Jun 2004 19:17:13 -0700
"jdow" <jdow at earthlink.net> wrote:

> From: "Craig White" <craigwhite at azapple.com>
> 
> > On Fri, 2004-06-11 at 16:24, Nina Pham wrote:
> > > Hi, I change the rules in the iptables, what do I need to do to make 
> > > sure that it will be in effect next time I boot the system.
> > ---
> > service iptables save
> 
> Have "they" solved the dynamic IP address issue with the usual approach
> of "service iptables save" which simply presumes you have the same IP
> address upon reboot? I ended up rolling my own firewall to get around
> the issue.
It's not the "service iptables save" that presumes you have the same IP, 
rather the rules that you choose to use.  There aren't too many situations 
where you actually need to reference your IP address directly, except 
maybe if you have multiple IPs bound to an interface.

For instance, connection sharing the internet with your local hosts you 
should use the MASQUERADE target instead of SNAT and the current 
IP addy of the outgoing interface will automatically be used:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

So no rule changes are needed just because your IP changes.  Similarly, 
you can code most rules by interface (e.g. eth0) rather than by IP address.  
Once you have your rules coded without reference to the current IP address 
you're all set.  From a quick check of system-config-securitylevel it doesn't 
seem to reference the current IP address when creating rules, so there 
shouldn't be a problem creating your rules that way.

Regards,
Sean
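As an added example (not part of the thread above), a small POSIX shell script that emits the kind of interface-only ruleset Sean describes and checks that none of the rules hard-codes an address; the choice of ppp0 as the internet-facing interface and eth0 as the LAN interface is an assumption.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed: ppp0 is the dynamic-IP external interface, eth0 the LAN side.
EXT_IF="${EXT_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"

# Print the rules instead of applying them so they can be reviewed first;
# as root, pipe the output through "sh" and then run "service iptables save".
# Every match is by interface or connection state, never by address, so the
# saved set stays valid after a reboot hands ppp0 a different IP.
build_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -p tcp --syn -j DROP
EOF
}

# Succeed (exit 0) when no rule in "$1" contains a dotted-quad address and is
# therefore safe to persist; fail (exit 1) when some rule hard-codes an IP
# (e.g. SNAT --to-source) and would break after the address changes.
rules_are_ip_free() {
    ! printf '%s\n' "$1" | grep -Eq '([0-9]{1,3}\.){3}[0-9]{1,3}'
}
```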