Quote:
Originally Posted by RHCE_ran
the sample /etc/sysconfig/iptables file has the contents as below
Please note the sample you posted provides an incomplete view of the rule set.
It also may not be the actual rule set in use.
Best post 'iptables-save' output instead.
Quote:
Originally Posted by RHCE_ran
Can the above 2 rules be added by editing /etc/sysconfig/iptables using vim editor and
Yes.
*Note that unless you need separate rules for specific reasons you may combine these 4 rules into 1 rule using the "multiport" module "--dports".
Quote:
Originally Posted by RHCE_ran
the iptables service restarted as
service iptables restart
Yes.
*That is, if you saved the rule set in your editor ;-p
Quote:
Originally Posted by RHCE_ran
Would editing the /etc/sysconfig/iptables using vim editor add the rules to the iptables configuration?
Yes and no. Editing /etc/sysconfig/iptables only adds the rules on disk. They need to be reloaded in memory and that is why you use either 'service iptables restart' (which is invasive) or interface with the 'iptables' binary directly:
Code:
# back up the live rule set before touching it
iptables-save > `mktemp -p /tmp iptables_old.XXXXXXXXXX`
# list INPUT with rule numbers so you know which ones to delete
iptables -t filter -n --line-numbers -L INPUT
# add one combined multiport rule instead of separate single-port rules
iptables -t filter -A INPUT -m tcp -p tcp -m state --state NEW -m multiport --dports 5667,5666,5668,5669 -j ACCEPT
# delete the old rules by number; rules renumber after each delete, so "1" is used twice
iptables -t filter -D INPUT 1
iptables -t filter -D INPUT 1
# capture the resulting live rule set for comparison
iptables-save > `mktemp -p /tmp iptables_new.XXXXXXXXXX`
*Note doing this without editing /etc/sysconfig/iptables means new / changed rules loaded in memory won't survive a service or machine reboot.
**Never execute given rule set changes (on production machines) without understanding the commands: see 'man iptables'. This may or may not be convenient ;-p
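An added example, not code from the original post, for the "yes and no" point above: a small POSIX sh checker that compares the rule set persisted in /etc/sysconfig/iptables with what iptables-save actually reports, so a disk edit that was never reloaded (or a live change that was never saved) shows up before the next restart or reboot. Function names and the sample rule sets are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post: detect drift between the
# rules persisted in /etc/sysconfig/iptables and the rule set loaded in the
# kernel. Drift either way is the failure mode the reply describes: edited on
# disk but never reloaded, or added with the iptables binary but never saved.
# Reduce an iptables-save style file to its sorted "-A" rule lines. Policy
# lines (":INPUT ACCEPT [0:0]"), "# Generated by" comments, *table and
# COMMIT markers are dropped so packet counters never count as drift.
normalize_rules() {
    grep '^-A ' "$1" | sed 's/[[:space:]]*$//' | sort
}
# Compare the on-disk file ($1) with captured iptables-save output ($2).
# Returns 0 when they match, 1 when they differ; differing rules are printed
# with "<" for disk-only (edited, not reloaded) and ">" for memory-only
# (added live, never saved).
rule_drift() {
    disk_tmp=$(mktemp) || return 2
    live_tmp=$(mktemp) || return 2
    normalize_rules "$1" > "$disk_tmp"
    normalize_rules "$2" > "$live_tmp"
    if cmp -s "$disk_tmp" "$live_tmp"; then
        rm -f "$disk_tmp" "$live_tmp"
        return 0
    fi
    diff "$disk_tmp" "$live_tmp" | grep '^[<>]'
    rm -f "$disk_tmp" "$live_tmp"
    return 1
}
# Constructed sample files (hypothetical): the disk copy carries the combined
# multiport rule for the ports in the reply; the live dump shows the service
# was never restarted after the edit.
sample_disk() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' \
        '-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 5666,5667,5668,5669 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}
sample_live() {
    printf '%s\n' '# Generated by iptables-save' '*filter' ':INPUT ACCEPT [12:960]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [30:2400]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}
```

On a real host (as root) run `iptables-save > /tmp/live.rules && rule_drift /etc/sysconfig/iptables /tmp/live.rules`; a non-zero exit with "<" lines means the disk edit has not been loaded yet, ">" lines mean live rules that will be lost on the next restart.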