LinuxQuestions.org
Old 07-04-2014, 11:26 PM   #1
RHCE_ran
No clarity with iptables save configuration


I have a query about iptables configuration. The sample /etc/sysconfig/iptables file has the contents below:

__________________________________________________________
# Generated by iptables-save v1.3.5 on Sat Dec 21 17:42:48 2013
*filter
:INPUT ACCEPT [395486230:305451389171]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [242867802:405321956718]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5667 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
COMMIT
__________________________________________________________

What if I want to add the 2 rules below to the configuration:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 5668 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5669 -j ACCEPT

Can the above 2 rules be added by editing /etc/sysconfig/iptables using vim editor and the iptables service restarted as

service iptables restart

Would editing the /etc/sysconfig/iptables using vim editor add the rules to the iptables configuration?

I hope my question is clear.

Please revert with the reply to my query.

Regards
 
Old 07-05-2014, 04:40 AM   #2
unSpawn
Quote:
Originally Posted by RHCE_ran
the sample /etc/sysconfig/iptables file has the contents as below
Please note the sample you posted provides an incomplete view of the rule set.
It also may not be the actual rule set in use.
Best post 'iptables-save' output instead.


Quote:
Originally Posted by RHCE_ran
Can the above 2 rules be added by editing /etc/sysconfig/iptables using vim editor and
Yes.

*Note that unless you need separate rules for specific reasons you may combine these 4 rules into 1 rule using the "multiport" module "--dports".


Quote:
Originally Posted by RHCE_ran
the iptables service restarted as

service iptables restart
Yes.
*That is, if you saved the rule set in your editor ;-p


Quote:
Originally Posted by RHCE_ran
Would editing the /etc/sysconfig/iptables using vim editor add the rules to the iptables configuration?
Yes and no. Editing /etc/sysconfig/iptables only adds the rules on disk. They need to be reloaded in memory and that is why you use either 'service iptables restart' (which is invasive) or interface with the 'iptables' binary directly:

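Code:
# Snapshot the running rule set before changing it
iptables-save > `mktemp -p /tmp iptables_old.XXXXXXXXXX`
# List the INPUT chain with rule numbers
iptables -t filter -n --line-numbers -L INPUT
# Append one multiport rule covering all four ports
iptables -t filter -A INPUT -m tcp -p tcp -m state --state NEW -m multiport --dports 5667,5666,5668,5669 -j ACCEPT
# Delete the two old single-port rules; after the first delete the next rule becomes number 1
iptables -t filter -D INPUT 1
iptables -t filter -D INPUT 1
iptables-save > `mktemp -p /tmp iptables_new.XXXXXXXXXX`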
*Note doing this without editing /etc/sysconfig/iptables means new / changed rules loaded in memory won't survive a service or machine reboot.
**Never execute given rule set changes (on production machines) without understanding the commands: see 'man iptables'. This may or may not be convenient ;-p
 
1 members found this post helpful.
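The multiport consolidation suggested in the reply above can also be applied to the on-disk file, so the change survives a restart. The following is an added example, not code from the thread: `merge_dports` and `sample_rules` are hypothetical helper names, and the sample input is constructed from the file in the first post (counters zeroed, the two new rules appended). It folds only runs of consecutive, otherwise identical single-port rules, so rule order is preserved, and it starts a new rule after 15 ports, the limit of the multiport match.

```shell
#!/bin/sh
# Added example: rewrite an iptables-save style rule set read from stdin,
# folding each run of consecutive single-port rules into one multiport rule.

merge_dports() {
    awk '
    function flush() {
        if (n == 1) print first            # a lone rule stays exactly as written
        else if (n > 1) print head " -m multiport --dports " ports " " tail
        n = 0
    }
    {
        # Candidates: one numeric --dport, no negation. Port ranges (a:b)
        # and "!" rules are passed through untouched.
        if ($0 !~ / ! / && match($0, / --dport [0-9]+ /)) {
            h = substr($0, 1, RSTART - 1)              # text before --dport
            p = substr($0, RSTART + 9, RLENGTH - 10)   # the port number
            t = substr($0, RSTART + RLENGTH)           # text after, e.g. -j ACCEPT
            # Same rule apart from the port, and room left (multiport max 15)
            if (n > 0 && n < 15 && h == head && t == tail) {
                ports = ports "," p; n++; next
            }
            flush()
            first = $0; head = h; tail = t; ports = p; n = 1
            next
        }
        flush()      # any other line ends the current run
        print
    }
    END { flush() }'
}

# Constructed sample: the rule set from the thread plus the two new rules.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5667 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5668 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5669 -j ACCEPT
COMMIT
EOF
}

sample_rules | merge_dports
```

Write the result to a temporary file and check it with `iptables-restore --test` before replacing /etc/sysconfig/iptables, since a file that fails to parse leaves the service unable to load its rules on restart.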
  

