hi,
I just spent a day trying to get openSUSE 11.0 to load some custom iptables settings in conjunction with the SUSEfirewall at boot. I've got it working now so I thought I'd share:
1. Forget about trying to set up a script to run like a service with chkconfig. It just won't work (even with S99!). I suspect the firewall flushes the settings later, after these rc.d scripts are executed. It's not clear how or why the settings get ignored but trust me - they will be ignored.
2. You'll need to edit /etc/sysconfig/scripts/SuSEfirewall2-custom. Put the custom iptables commands where appropriate, details are given in the file itself. Do read what is in the file because there is no man page for this.
3. Edit
Code:
/etc/sysconfig/SuSEfirewall2
change
to
Code:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
What I wanted this for was to get postfix to listen on another port as well as 25. Fiddling with postfix itself can produce an open relay and so is not advised. A more elegant solution is to use iptables with the following command:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 1025 -j REDIRECT --to-ports 25
The three steps above show how I got the custom port mapping rule to auto-load at boot. If you don't follow the steps then the settings are lost on reboot - a common complaint.
regards
Matteus Blanc
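
The following check is an added example, not part of the original post: it audits that `FW_CUSTOMRULES` points at the custom rules file and that the file contains an uncommented copy of the redirect rule, so a missing or commented-out setting is caught before the next reboot. The function names and the sample files are constructed for illustration, and the hook name `fw_custom_before_masq` is an assumption; use the hook that the comments in your copy of the file indicate.

```sh
#!/bin/sh
# Added example (not from the original post): audit that the port redirect
# is wired into SuSEfirewall2 so it is reloaded at boot.

# Print FW_CUSTOMRULES from a sysconfig file; the last uncommented
# assignment wins, as it does when the file is sourced.
customrules_value() {
    sed -n 's/^[[:space:]]*FW_CUSTOMRULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if file $1 has an uncommented nat PREROUTING rule that
# REDIRECTs TCP port $2 to port $3.
has_redirect() {
    grep -v '^[[:space:]]*#' "$1" | grep -- '-t nat' |
        grep -- '-A PREROUTING' | grep -- "--dport $2 " |
        grep -Eq -- "-j REDIRECT --to-ports $3([[:space:]]|\$)"
}

# args: sysconfig-file custom-file expected-path src-port dst-port
# returns 0 = persistent, 1 = FW_CUSTOMRULES not pointing at the file,
#         2 = redirect rule missing from the custom file
audit_redirect() {
    [ "$(customrules_value "$1")" = "$3" ] || return 1
    has_redirect "$2" "$4" "$5" || return 2
    return 0
}

# Constructed sample files; the hook name fw_custom_before_masq is an
# assumption, use the hook your copy of the file documents for nat rules.
write_samples() {
    cat > "$1/SuSEfirewall2" <<'EOF'
#FW_CUSTOMRULES=""
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
EOF
    cat > "$1/SuSEfirewall2-custom" <<'EOF'
fw_custom_before_masq() {
    iptables -t nat -A PREROUTING -p tcp --dport 1025 -j REDIRECT --to-ports 25
    true
}
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
rc=0
audit_redirect "$demo/SuSEfirewall2" "$demo/SuSEfirewall2-custom" \
    /etc/sysconfig/scripts/SuSEfirewall2-custom 1025 25 || rc=$?
echo "audit result: $rc (0 means the rule is loaded by the firewall at boot)"
rm -rf "$demo"
```

On a real system, pass `/etc/sysconfig/SuSEfirewall2` and `/etc/sysconfig/scripts/SuSEfirewall2-custom` as the first two arguments instead of the sample files.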