LinuxQuestions.org


tkmsr 04-18-2010 11:46 AM

syntax error in firewall script
 
I have not used the word COMMIT in the following firewall script. I want to know if it is a syntax error.
Code:

# Generated by iptables-save v1.4.2 on Sun Feb 8 17:37:00 1889
*nat
:PREROUTING DENY [43476:6097270]
:POSTROUTING DENY [27683:1570355]
:OUTPUT ACCEPT [187:10649]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2029 -j DNAT --to-destination 192.1.0.22:22
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.1.0.23:22
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2032 -j DNAT --to-destination 192.1.0.24:22
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2043 -j DNAT --to-destination 192.1.0.25:22
COMMIT
# Completed on Sun Feb 8 17:37:00 1889
# Generated by iptables-save v1.4.2 on Sun Feb 8 17:37:00 1889
*filter
:INPUT ACCEPT [122559:20425150]
:FORWARD ACCEPT [671748:150202498]
:OUTPUT ACCEPT [40042:13111931]
-A INPUT -i eth2 -p tcp -m tcp --dport 2029 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2036 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2032 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2043 -j ACCEPT


kbp 04-18-2010 09:07 PM

The script is created by 'iptables-save'; generally you are not supposed to edit these files by hand, just configure iptables how you want, then 'iptables-save > /etc/sysconfig/iptables'. Another option is to edit /etc/sysconfig/iptables-config and change 'IPTABLES_SAVE_ON_STOP="no"' to 'IPTABLES_SAVE_ON_STOP="yes"' so it will save your rules when you stop it.

I would guess that a missing 'COMMIT' on the end could be a problem; try reloading iptables and see if there are any error messages and whether the rules are correct.

cheers

tkmsr 04-18-2010 10:08 PM

Quote:

Originally Posted by kbp (Post 3939846)
The script is created by 'iptables-save'; generally you are not supposed to edit these files by hand, just configure iptables how you want, then 'iptables-save > /etc/sysconfig/iptables'. Another option is to edit /etc/sysconfig/iptables-config and change 'IPTABLES_SAVE_ON_STOP="no"' to 'IPTABLES_SAVE_ON_STOP="yes"' so it will save your rules when you stop it.

I would guess that a missing 'COMMIT' on the end could be a problem; try reloading iptables and see if there are any error messages and whether the rules are correct.

cheers

I cannot reboot the server, that is a problem.
Secondly, it is a Debian server. We have Xen running on it for virtualization. So what is happening is that it changes the vif bridge names many times. After a reboot, an iptables rule that was applied to a vif bridge is left pointing at a vif bridge that does not exist any more.
I want a few firewall rules which I have configured to be active at boot time. So should I write a shell script, or how should I go about it?

nimnull22 04-18-2010 10:31 PM

The word "COMMIT" doesn't have any relation to iptables rules.

If you want to add a rule permanently, you need to find the already existing config file with the default rules and add your rules there, or write a small script which will be loaded at boot time, BUT after iptables activation. Otherwise it will erase them.

kbp 04-18-2010 11:05 PM

If you're using a bridged connection you should be performing packet filtering that's specific to the guest within the guest, not within Dom0.

i.e.

Code:

Dom0 # iptables -L
[rules specific to Dom0]

Guest1 # iptables -L
[rules specific to Guest1]


tkmsr 04-19-2010 12:10 AM

Quote:

Originally Posted by kbp (Post 3939897)
If you're using a bridged connection you should be performing packet filtering that's specific to the guest within the guest, not within Dom0.

i.e.

Code:

Dom0 # iptables -L
[rules specific to Dom0]

Guest1 # iptables -L
[rules specific to Guest1]


Yes, you are right. The thing is, I have configured iptables to DNAT an SSH connection to DomU from Dom0, which is on a public IP. The rules I posted above are accepting connections at ports
2029
2036
2032
2043
and forwarding them to the DomUs inside at port 22.
So that is how it is.


Quote:

Originally Posted by nimnull22 (Post 3939880)
The word "COMMIT" doesn't have any relation to iptables rules.

If you want to add a rule permanently, you need to find the already existing config file with the default rules and add your rules there, or write a small script which will be loaded at boot time, BUT after iptables activation. Otherwise it will erase them.

Okay, this was helpful, thanks. Can you give me some link so that I can be sure?

nimnull22 04-19-2010 08:17 AM

Actually:
Code:

*filter
:INPUT ACCEPT [122559:20425150]
:FORWARD ACCEPT [671748:150202498]
:OUTPUT ACCEPT [40042:13111931]
-A INPUT -i eth2 -p tcp -m tcp --dport 2029 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2036 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2032 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2043 -j ACCEPT

Your default rule for the INPUT chain is ACCEPT, so any other rules with an ACCEPT decision in this chain are useless.

Where you can find the file with rules for iptables depends on the distribution; for example, for OpenSuse it is in:
/etc/sysconfig/scripts/SuSEfirewall2-custom
and in Fedora 12 it is /etc/sysconfig/firewall...something
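Since the poster has no physical access and cannot afford a bad reload, the check a practitioner would want is a lint pass over the saved ruleset before it goes anywhere near iptables-restore. The script below is an added example, not code from the thread or from Debian: it flags a table block without a closing COMMIT (what the posted filter table lacks), a built-in chain policy other than ACCEPT or DROP (the posted nat table says DENY, which is an ipchains policy name that iptables does not accept), and ACCEPT rules in a chain whose policy is already ACCEPT (nimnull22's point). The sample ruleset it runs on is constructed to mirror the shape of the one in the thread.

```shell
#!/bin/sh
# Added example (not code from the thread): lint an iptables-save ruleset before
# iptables-restore is run on a host you cannot reach physically. It flags
#  - a "*table" block not closed by COMMIT (the poster's filter table),
#  - a built-in chain policy other than ACCEPT/DROP (the poster's nat table says DENY),
#  - ACCEPT rules in a chain whose policy is already ACCEPT (nimnull22's point).
# Exit status is 1 on any ERROR, so a wrapper can refuse to restore.
lint_ruleset() {
    awk '
    function check_commit() {
        if (tbl != "" && !committed) { printf "ERROR: table %s has no COMMIT\n", tbl; bad = 1 }
    }
    /^\*/      { check_commit(); tbl = substr($0, 2); committed = 0; next }
    /^COMMIT$/ { committed = 1; next }
    /^:/       { chain = substr($1, 2); policy[tbl ":" chain] = $2
                 if ($2 != "ACCEPT" && $2 != "DROP" && $2 != "-") {
                     printf "ERROR: %s/%s policy %s is not valid (use ACCEPT or DROP)\n", tbl, chain, $2; bad = 1 }
                 next }
    /^-A /     { if (policy[tbl ":" $2] == "ACCEPT" && $NF == "ACCEPT")
                     printf "WARN: %s/%s policy is already ACCEPT, rule is redundant: %s\n", tbl, $2, $0 }
    END        { check_commit(); exit bad + 0 }
    ' "$1"
}

# Constructed sample with the same shape as the thread's file (addresses from the
# documentation range 192.0.2.0/24): nat table has COMMIT, filter table does not.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
*nat
:PREROUTING DENY [0:0]
:POSTROUTING DENY [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2029 -j DNAT --to-destination 192.0.2.22:22
-A PREROUTING -i eth2 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.0.2.23:22
COMMIT
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth2 -p tcp -m tcp --dport 2029 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 2036 -j ACCEPT
EOF

# Only hand a ruleset that passes the lint to iptables-restore (not run here).
if lint_ruleset "$RULES"; then
    echo "ruleset looks sane; next step would be: iptables-restore < $RULES"
else
    echo "ruleset rejected; fix the errors above before iptables-restore"
fi
```

Where the installed iptables-restore supports it, its `--test` option parses and builds the ruleset without committing it, which is a complementary syntax check; the lint above catches the policy redundancy that a syntax check cannot.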

tkmsr 04-19-2010 09:19 AM

Quote:

Originally Posted by nimnull22 (Post 3940291)
Your default rule for the INPUT chain is ACCEPT, so any other rules with an ACCEPT decision in this chain are useless.

Agreed, right now it is like that, but I will be changing that. That is why I am asking this question.
What I have found out is that to be able to run the firewall at boot I need to
write a script in if-up.d on Debian;
it will use iptables-restore < </path to wherever I saved the iptables rules>

Or we need to add a line in interfaces before eth2
mentioning what script it should load post boot.

I manually deleted some of the entries, so before I do something I wanted to make sure that things are right; I do not have physical access to the server.
Anyhow, thanks for your reply.

nimnull22 04-19-2010 05:05 PM

Do you have this:
/etc/init.d/iptables
If yes, you can use the "start" part of this script to read your rules, or from any other place, with the "iptables-restore" command.
Unfortunately, I do not really know Debian.

tkmsr 04-19-2010 11:12 PM

Quote:

Originally Posted by nimnull22 (Post 3940799)
Do you have this:
/etc/init.d/iptables
If yes, you can use the "start" part of this script to read your rules, or from any other place, with the "iptables-restore" command.
Unfortunately, I do not really know Debian.

No, I do not have it. The thing is, I have to do it only once, so I am a bit cautious. I cannot take chances.

