LinuxQuestions.org


the_new_z 07-08-2008 04:42 PM

Disable IPTABLES init script
 
Hello guys,

Before I used to run an iptables script I found on howtoforge, but now I switched to arno's firewall. The problem now is that on bootup arno is initiated first and then iptables, which effectively overrides arno's. So, should I remove the iptables script from /etc/init.d/? Doesn't arno's firewall need iptables? How can I make sure that the two don't interfere?

As you can see I am a beginner and very confused, so any help is welcome.

trickykid 07-09-2008 09:20 AM

If arno's script has its own init script, usually you can do a chkconfig <name-of-init-script> off to disable an init script.

man chkconfig for more details.

the_new_z 07-09-2008 09:55 AM

Thank you. I read about chkconfig and from what I understand, I can stop the init script I don't need. However, my concern is that I have to disable the iptables init script, which seems like a bad idea to me. Because, as far as I know, arno's script is based on iptables and probably it won't run without iptables.

So, does anybody know how to leave iptables, but tell it not to load the old iptables rules that I used before?

trickykid 07-09-2008 10:00 AM

iptables is a command, not a service per se. If arno's script calls iptables when it runs, it should start all the firewall rules. What distribution is this on? I know in Red Hat or CentOS, the default firewall configs can reside in /etc/sysconfig.

the_new_z 07-09-2008 10:36 AM

Sorry, it is Ubuntu 6.06 LTS Server. Arno's iptables firewall has an init script in /etc/init.d/ and a symlink in /etc/rcS.d/ while I see iptables in all run levels and I am thinking that I shouldn't disable iptables with chkconfig.

the_new_z 07-09-2008 11:02 AM

OK, I found that iptables active and inactive counters are located in /var/lib/iptables/. I guess the init script calls the active set and I don't want it to call anything, because arno's script has already started by that time. Do you know how I can accomplish this?

jomen 07-09-2008 11:27 AM

Both your original and the new (arno's) firewall script use the "iptables" command to set up the filter rules for your firewall.
You should know what makes the one better than the other - after all it was you who decided to toss the prior one in favour of arno's script.
You only need one - though you really should know what one does better than the other.

AFAIK disabling a service is done by: update-rc.d -f yourfirewallscript remove
The same way you add the other script: update-rc.d arnosscript multiuser (for instance)

the_new_z 07-09-2008 11:47 AM

Thank you, guys. This pretty much worked:

update-rc.d -f yourfirewallscript remove

Now, only arno's loads. As to why I am using it, because the old script I used was rather basic and I read some good reviews of arno's and decided to switch. I guess it's more secure and it also offers some extra plugins and stuff that I am about to figure out.

Well, thanks again. I am amazed by how quickly I find the answer over here. ALWAYS! I really appreciate everyone's help!
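A check for the situation in this thread, added here as an example and not posted by anyone in the thread: it lists the SysV start links for the named firewall init scripts in boot order (rcS.d first, then the runlevel directory) and reports which one starts last, since a script that reloads its own rules at that point replaces whatever was loaded earlier. The script names and sequence numbers used with it are assumptions; substitute the names found in /etc/init.d/.

```shell
#!/bin/sh
# Added example: audit which firewall init scripts start at boot, and in what order.
# Assumes a SysV-style tree: <root>/rcS.d and <root>/rc<runlevel>.d holding SNNname links.

# boot_order ROOT RUNLEVEL NAME...
# Prints "dir seq name" for every start link of the given scripts, in the
# order init runs them: rcS.d by sequence number, then rc<RUNLEVEL>.d.
boot_order() {
    root=$1; level=$2; shift 2
    for dir in rcS.d "rc${level}.d"; do
        for name in "$@"; do
            for link in "$root/$dir"/S[0-9][0-9]"$name"; do
                # An unmatched glob stays literal; skip it.
                [ -L "$link" ] || [ -e "$link" ] || continue
                base=${link##*/}
                seq=${base#S}; seq=${seq%"$name"}
                printf '%s %s %s\n' "$dir" "$seq" "$name"
            done
        done | sort -k2,2n
    done
}

# last_started ROOT RUNLEVEL NAME...
# Prints the name of the script that runs last, i.e. the one whose rules remain.
last_started() {
    boot_order "$@" | awk '{ n = $3 } END { if (n != "") print n }'
}

# single_firewall ROOT RUNLEVEL NAME...
# Succeeds only if at most one of the named scripts is started at boot.
single_firewall() {
    count=$(boot_order "$@" | awk '!seen[$3]++ { n++ } END { print n + 0 }')
    [ "$count" -le 1 ]
}

# Example call on a live system (script names are assumptions):
#   boot_order /etc 2 arno-iptables-firewall iptables
```

Running boot_order before and after update-rc.d -f <script> remove shows whether the old script's start links are really gone from every directory.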


All times are GMT -5.