Disable IPTABLES init script
Hello guys,
Before I used to run an iptables script I found on howtoforge, but now I switched to arno's firewall. The problem now is that on bootup arno is initiated first and then iptables, which effectively overrides arno's. So, should I remove the iptables script from /etc/init.d/? Doesn't arno's firewall need iptables? How can I make sure that the two don't interfere? As you can see I am a beginner and very confused, so any help is welcome.
If arno's script has its own init script, usually you can do a chkconfig <name-of-init-script> off to disable an init script.
man chkconfig for more details.
Thank you. I read about chkconfig and from what I understand, I can stop the init script I don't need. However, my concern is that I have to disable the iptables init script, which seems like a bad idea to me. Because, as far as I know, arno's script is based on iptables and probably it won't run without iptables.
So, does anybody know how to leave iptables, but tell it not to load the old iptables rules that I used before?
iptables is a command, not a service per se. If arno's script calls iptables when it runs, it should start all the firewall rules. What distribution is this on? I know in Red Hat or CentOS, the default firewall configs can reside in /etc/sysconfig
Sorry, it is Ubuntu 6.06 LTS Server. Arno's iptables firewall has an init script in /etc/init.d/ and a symlink in /etc/rcS.d/ while I see iptables in all run levels and I am thinking that I shouldn't disable iptables with chkconfig.
OK, I found that iptables active and inactive counters are located in /var/lib/iptables/. I guess the init script calls the active set and I don't want it to call anything, because arno's script has already started by that time. Do you know how I can accomplish this?
Both your original and the new (arno's) firewall script use the "iptables" command to set up the filter rules for your firewall.
You should know what makes the one better than the other - after all it was you who decided to toss the prior one in favour of arno's script. You only need one - though you really should know what one does better than the other. AFAIK disabling a service is done by:
    update-rc.d -f yourfirewallscript remove
The same way you add the other script:
    update-rc.d arnosscript multiuser
(for instance)
Thank you, guys. This pretty much worked:
    update-rc.d -f yourfirewallscript remove
Now, only arno's loads. As to why I am using it, because the old script I used was rather basic and I read some good reviews of arno's and decided to switch. I guess it's more secure and it also offers some extra plugins and stuff that I am about to figure out. Well, thanks again. I am amazed by how quickly I find the answer over here. ALWAYS! I really appreciate everyone's help!
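A read-only check for the situation in this thread, added here as an example and not code from any poster or from either firewall project: it lists the start (S) links each firewall init script has under the rc directories, so you can confirm that only one rule loader remains enabled after update-rc.d. The script names are the thread's placeholders, and the sample tree and its S41/S20 order numbers are constructed.

```shell
#!/bin/sh
# Added example. Assumes the SysV layout described in the thread:
# scripts in ROOT/init.d, start links named SNNname in ROOT/rcS.d and ROOT/rc[0-6].d.
# Usage on a live system: start_links /etc yourfirewallscript

# start_links ROOT NAME
# Prints "<rcdir> <order>" for every start link to NAME under ROOT/rc?.d.
start_links() {
    root=$1
    name=$2
    for link in "$root"/rc?.d/S[0-9][0-9]"$name"; do
        # When nothing matches, the pattern is left as a literal string.
        [ -e "$link" ] || [ -L "$link" ] || continue
        dir=$(basename "$(dirname "$link")")
        order=$(basename "$link" | cut -c2-3)
        echo "$dir $order"
    done
}

# enabled_count ROOT NAME
# Prints how many runlevel directories start NAME.
enabled_count() {
    start_links "$1" "$2" | wc -l | tr -d ' '
}

# both_enabled ROOT NAME_A NAME_B
# Succeeds when both scripts still have start links, i.e. the later one
# will replace the rules loaded by the earlier one at boot.
both_enabled() {
    [ "$(enabled_count "$1" "$2")" -gt 0 ] &&
        [ "$(enabled_count "$1" "$3")" -gt 0 ]
}

# build_sample_tree DIR
# Constructed sample: arno's script in rcS.d, the old script in runlevels 2 and 3.
build_sample_tree() {
    mkdir -p "$1/init.d" "$1/rcS.d" "$1/rc2.d" "$1/rc3.d"
    : > "$1/init.d/arnosscript"
    : > "$1/init.d/yourfirewallscript"
    ln -s ../init.d/arnosscript "$1/rcS.d/S41arnosscript"
    ln -s ../init.d/yourfirewallscript "$1/rc2.d/S20yourfirewallscript"
    ln -s ../init.d/yourfirewallscript "$1/rc3.d/S20yourfirewallscript"
}
```

After a successful update-rc.d -f yourfirewallscript remove, enabled_count for the old script should print 0 while arno's script still shows its link.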