[SOLVED] edit /etc/sysconfig/iptables vs service iptables save

[blueiced]

I got confused in iptables.
I have some simple rules that i define manually with commands, for example : iptables -A INPUT -p tcp --dport 22 -j ACCEPT.
And to save it, i use command service iptables save. Okay, no problem with that...

But when I edited the file /etc/sysconfig/iptables directly, and run service iptables save again, the rules inside /etc/sysconfig/iptables is changed to the state before i edit that file..
Then I assume, i shouldn't run service iptables save when i decide to directly edit /etc/sysconfig/iptables..is it right?
So is there a way i can manage iptables with command line together with edit the file directly?

[Lazydog]

After you edit the file you need to reload the file by restarting IPTABLES. The reason the file is getting over written is because you are telling IPTABLES to write what it knows to the file which over writes what you have done because you didn't restart/reload IPTABLES for it to know about your changes. Why are you saving the files to begin with? If you are editing the file by hand no reason o save it.

[blueiced]

Thx for the reply Lazydog.

so in other words, i can't use both method to write iptables rules?
if i decide to edit the file directly, i can't use iptables save command and if i decide otherwise, i shouldn't mess with the /etc/sysconfig/iptables file?

i think if i'm only managing some simple rules, using iptables command is more practical..
So in your opinion, which method is better?
many thanks..

[Lazydog]

If you are just adding a rule then I would say add the rule then save the rules after you are sure it does what you want..
If you are doing a complete re-write the edit the file and restart iptables when done.

[blueiced]

okay..thx Lazydog.
I begin to get a grasp on this.. Really appreciate your input..