hi,

i've written a client and server. the client broadcasts a message to servers on the subnet, and servers reply to the client.

this all works fine as long as iptables is disabled on the server machines. however, when it's enabled, iptables blocks the udp broadcasts.

running iptables -L shows lots of rules. that's fine. the rules it shows though include software like amanda, subversion, etc. i have never manually added any permit rules for iptables for these services.

so, how can i make my server automatically add an iptables permit rule when it loads? do i have to use a port in a certain range, or must it run as root so it can use the shell to insert a permit rule into iptables? i don't really want to take this last approach. it'd be great if there was a way of using a certain port, or editing a whitelist file (would adding the port to /etc/services do this) to permit the port.

does anyone know how i can achieve this?

thanks,
haz

assuming you are running something of the centos/redhat flavor:::
edit the file @ /etc/sysconfig/iptables and I would copy a somewhat similar line and then edit that line accordingly. Once you are done do a service iptables restart and it should load your new rule immediately and on startup.

The other rules were probably created at installation time or if you are running a control panel, it may have added them as well. Good luck!


Edit: you can also specify a port range in these iptables ruleset, so you do not need to specify each port manually. Also, adding to /etc/services will not affect your iptables rules.

ok, thanks. i'll do that.

cheers