Mailing List Archive

iptables configuration file
Isn't the command
service iptables restart

supposed to restart iptables and iptables should read its configuration
from /etc/syconfig/iptables, i.e. like ipchains?!

Correct me if I am missing something!

Badr
RE: iptables configuration file
I didn't know that iptables had a default config file, so what I have been
using is a bash script that executes the flush command 'iptables -F' first
then continues with all my rules. When I make a change to the script I just
rerun it and voila the changes are installed. I have run this during peak
production hours (don't tell the boss), without anyone noticing.

This may not be what you are looking for but it's a useful hack for
re-reading a configuration, and would support multiple files, such as a wide
open configuration for testing issues and a default high-security
setting...or one that perhaps blocks bandwidth hogs. You get the drift.

o !
____ //\ _____________
_ _ / \ _ _ _ _ _ _
________-josiah___


-----Original Message-----
From: Badre Munir [mailto:badr@giki.edu.pk]
Sent: Monday, August 06, 2001 9:59 AM
To: netfilter list
Subject: iptables configuration file



Isn't the command
service iptables restart

supposed to restart iptables and iptables should read its configuration
from /etc/syconfig/iptables, i.e. like ipchains?!

Correct me if I am missing something!

Badr
RE: iptables configuration file
Well, thanks for taking the time for a detailed reply. I was aware of this
but strangely enough, iptables -F didn't work for me! That's why I was
digging into the configuration file issue.

Badr

On Mon, 6 Aug 2001, Josiah DeWitt wrote:

> I didn't know that iptables had a default config file, so what I have been
> using is a bash script that executes the flush command 'iptables -F' first
> then continues with all my rules. When I make a change to the script I just
> rerun it and voila the changes are installed. I have run this during peak
> production hours (don't tell the boss), without anyone noticing.
>
> This may not be what you are looking for but it's a useful hack for
> re-reading a configuration, and would support multiple files, such as a wide
> open configuration for testing issues and a default high-security
> setting...or one that perhaps blocks bandwidth hogs. You get the drift.
>
> o !
> ____ //\ _____________
> _ _ / \ _ _ _ _ _ _
> ________-josiah___
>
>
> -----Original Message-----
> From: Badre Munir [mailto:badr@giki.edu.pk]
> Sent: Monday, August 06, 2001 9:59 AM
> To: netfilter list
> Subject: iptables configuration file
>
>
>
> Isn't the command
> service iptables restart
>
> supposed to restart iptables and iptables should read its configuration
> from /etc/syconfig/iptables, i.e. like ipchains?!
>
> Correct me if I am missing something!
>
> Badr
>
>
Re: iptables configuration file
On Monday 06 August 2001 19:36, Josiah DeWitt wrote:
> I didn't know that iptables had a default config file, so what I have been
> using is a bash script that executes the flush command 'iptables -F' first
> then continues with all my rules. When I make a change to the script I
> just rerun it and voila the changes are installed. I have run this during
> peak production hours (don't tell the boss), without anyone noticing.


> -----Original Message-----
> From: Badre Munir [mailto:badr@giki.edu.pk]
> Sent: Monday, August 06, 2001 9:59 AM
> To: netfilter list
> Subject: iptables configuration file
>
>
>
> Isn't the command
> service iptables restart
>
> supposed to restart iptables and iptables should read its configuration
> from /etc/syconfig/iptables, i.e. like ipchains?!
>
> Correct me if I am missing something!

Hi
This is how it's done on RedHat 7.1 Seawolf,
but I don't think that it's done like this in other
distr.
Regards Jörgen
Re: iptables configuration file
Badre Munir wrote:

> Isn't the command
> service iptables restart
>
> supposed to restart iptables and iptables should read its configuration
> from /etc/syconfig/iptables, i.e. like ipchains?!
>
> Correct me if I am missing something!
>
> Badr

Mr. Munir,

Not quite. With RedHat 7.1, the iptables rules are supposed to be dumped
with iptables-save into /etc/sysconfig/iptables, then the
script /etc/rc.d/init.d/iptables (IIRC) uses iptables-restore to load
those rules. AFAIK, iptables has no ability to read a config file and
execute commands from it (but it might be a neat feature ;-)

Brad
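
Added example, not part of the thread and not the RedHat init script: a structural check of a file in iptables-save format before it is handed to iptables-restore, so a truncated or hand-edited dump is rejected instead of being loaded. The function names and the sample ruleset are constructed for illustration, and `load_rules` assumes an iptables-restore build that supports `--test`.

```shell
#!/bin/sh
# Added example, not from the thread: lint an iptables-save dump before loading.
# Function names are hypothetical; the sample ruleset is constructed.

# check_rules FILE: succeed only if every "*table" section holds well-formed
# chain and rule lines and is closed by COMMIT.
check_rules() {
    awk '
        function err(msg) { print FILENAME ":" NR ": " msg; bad = 1 }
        /^[ \t]*$/ || /^#/ { next }
        /^\*[a-z]+$/ { if (in_table) err("new table before COMMIT")
                       in_table = 1; tables++; next }
        /^COMMIT$/   { if (!in_table) err("COMMIT outside a table")
                       in_table = 0; next }
        # ":CHAIN POLICY [pkts:bytes]" or a rule with optional "[pkts:bytes] " prefix
        /^:[^ ]+ [^ ]+ \[[0-9]+:[0-9]+\]$/ ||
        /^(\[[0-9]+:[0-9]+\] )?-A [^ ]+/ {
                       if (!in_table) err("line outside a table"); next }
        { err("unrecognised line: " $0) }
        END { if (in_table) err("last table has no COMMIT")
              if (!tables) err("no table section found")
              exit bad + 0 }
    ' "$1"
}

# Constructed sample in iptables-save format.
sample_rules() {
    cat <<'EOF'
# constructed sample dump
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# load_rules FILE (as root, e.g. on /etc/sysconfig/iptables): lint the file,
# let iptables-restore parse it without committing, then load it in one step.
load_rules() {
    check_rules "$1" && iptables-restore --test < "$1" && iptables-restore < "$1"
}

tmp=$(mktemp); sample_rules > "$tmp"
check_rules "$tmp" && echo "sample dump passes the structural check"
rm -f "$tmp"
```

Because iptables-restore replaces a table's contents when it commits, loading a checked dump avoids the interval between a flush and the last rule of a script in which the ruleset is only partly installed.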