Priority: script to run on boot vs. "service iptables save"

iheardrain · 09-30-2004, 07:46 PM

Suppose you have the rc.firewall script setup to run on boot and you also have saved a set of rules using the ‘service iptables save’ command. Also, you have used ntsysv to enable iptables to initialize for runlevels 3, 4, and 5. If you now boot, which rule set will be in effect – the rc.firewall rule set or the /etc/sysconfig/iptables rule set?

Thanks guys...

michaelk · 09-30-2004, 07:53 PM

I would say that which ever script runs last would be in effect.

Tinkster · 09-30-2004, 07:56 PM

I don't have the service thing-a-majick so I
wouldn't be able to test :) ... but why don't you
just do a "iptables-save > ~/test" and compare
that file to your saved rule-set? ;}

Cheers,
Tink

iheardrain · 09-30-2004, 08:22 PM

Well most of the time in linux the first has the say in whats going on. When you write a script the first rules always win priority...

Tinkster · 09-30-2004, 08:30 PM

Not if the second script flushes all rules ;)
... which is what most firewall scripts would
do, just to make sure.

Cheers,
Tink

iheardrain · 09-30-2004, 09:53 PM

To flush I would have to run a flush command... Right? It's what I'm studying right now in my linux firewall class...