IPTABLES

The_JinJ · 11-20-2004, 01:05 AM

If I manually add a rule via the command line like:
#iptables -A INPUT -s 127.0.0.1 -p ICMP -j DROP
it works fine but I'm trying to add this to /etc/sysconfig/iptables. I used the same syntax but when I reload iptables i get an error:

Applying iptables firewall rules: iptables-restore: line 2 failed

Is the syntax in the file different than on the commend line?

Tinkster · 11-20-2004, 01:19 AM

If what MDK/FC store in /etc/sysconfig/iptables
is the result/input of an iptables-save/-restore
operation it's definitely different.

Those files aren't your normal shell-script kind
of firewall setup-scripts.

Try a
iptables-save | less
with a few rules active to see what I mean :)

Cheers,
Tink

The_JinJ · 11-20-2004, 01:25 AM

Quote:

Originally posted by Tinkster
If what MDK/FC store in /etc/sysconfig/iptables
is the result/input of an iptables-save/-restore
operation it's definitely different.

Those files aren't your normal shell-script kind
of firewall setup-scripts.

Try a
iptables-save | less
with a few rules active to see what I mean

Cheers,
Tink

Cheers Tinkster, I see what you mean....
Where do these rules save then and how do you write a file that contains them? Or am I missing something here?

Tinkster · 11-20-2004, 01:29 AM

All you need to do is (once the firewall is doing what you
want it to do) as root:

iptables-save > /etc/sysconfig/iptables

:}

Cheers,
Tink

The_JinJ · 11-20-2004, 01:31 AM

Quote:

Originally posted by Tinkster
All you need to do is (once the firewall is doing what you
want it to do) as root:

iptables-save > /etc/sysconfig/iptables

:}

Cheers,
Tink

DOH!!! That's so obvious!! lol...cheers Tinkster!

Tinkster · 11-20-2004, 01:33 AM

You're welcome mate :)

Cheers,
Tink

The_JinJ · 11-20-2004, 01:40 AM

In case anyone is looking in here, I found this good tutorial which explains it all - http://www.faqs.org/docs/iptables/index.html