Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 13 of 13
iptables-save writes to stdout. Typically, the init script for iptables uses it on stopping the service to redirect to /etc/sysconfig/iptables-config (RH-like distros) or /etc/iptables-rules (Debian distros). There are probably scenarios ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664

    iptables-save writes to stdout. Typically, the init script for iptables uses it on stopping the service to redirect to /etc/sysconfig/iptables-config (RH-like distros) or /etc/iptables-rules (Debian distros). There are probably scenarios that use other locations/filenames. The init script then uses iptables-restore with input redirected from that file on startup.

    Very good how-to in a nutshell, though.

  2. #12
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    I just did some searching and found the best way to write the config file for iptables is to use the following:

    Code:
    /etc/init.d/iptables save
    I don't use this method as I edit /etc/sysconfig/iptables file by hand so everything is saved when I am done. The iptables-save I read in the Tutorial but never used it. Just goes to show you can teach an old dog new tricks. Thnx for pointing this out..

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #13
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Yes, that's the best way to do it explicitly. That save function of the iptables init script is called by both the stop and restart functions, so any orderly shut down or restart of the service, including an orderly system reboot, will result in saving the current tables and using them on restart. This is probably the best option for most folks, as it ensures that the correct directory/file are used and that the contents are syntactically (though not necessarily logically correct). Experienced engineers can get away with hand-editing because they're prepared to find and fix the problem if they mung up the syntax or misplace the file.

  4. $spacer_open
    $spacer_close
Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •