syntax error in firewall script
I have not used the word COMMIT in the following firewall script. I want to know if it is a syntax error.
Code:
# Generated by iptables-save v1.4.2 on Sun Feb 8 17:37:00 1889
The script was created by 'iptables-save'; generally you are not supposed to edit these files by hand. Just configure iptables how you want, then run 'iptables-save > /etc/sysconfig/iptables'. Another option is to edit /etc/sysconfig/iptables-config and change 'IPTABLES_SAVE_ON_STOP="no"' to 'IPTABLES_SAVE_ON_STOP="yes"' so it will save your rules when you stop it.
I would guess that a missing 'COMMIT' at the end could be a problem; try reloading iptables and see if there are any error messages and whether the rules are correct. Cheers
Quote:
Secondly, it is a Debian server. We have Xen running on it for virtualization. So what is happening is that it is changing the vif bridge names many times. After a reboot, the vif bridge that an IPTABLES rule was applied to does not exist any more. I want a few firewall rules that I have configured to be active at boot time. So should I write a shell script, or how should I go about it?
The word "COMMIT" doesn't have any relation to iptables rules.
If you want to add a rule permanently, you need to find the already existing config file with default rules and add your rules there, or write a small script which will be loaded at boot time, BUT after iptables activation. Otherwise it will erase them.
If you're using a bridged connection you should be performing packet filtering that's specific to the guest within the guest, not within Dom0.
i.e.
Code:
Dom0 # iptables -L
Quote:
2029 2036 2032 2043 and forwarding to inside DomU's at port 22. So it is like that.
Actually:
Code:
*filter
Where you can find the file with rules for iptables depends on the distribution; for example, for OpenSuse it is in /etc/sysconfig/scripts/SuSEfirewall2-custom, and in Fedora 12 it is /etc/sysconfig/firewall...something
Quote:
What I have found out is that to be able to run the firewall at boot I need to write a script in if-up.d on Debian; it will use iptables-restore < </path to wherever I saved iptables>. Or we need to add a line in interfaces before eth2 mentioning what script it should load post boot. I manually deleted some of the entries, so before I do something I wanted to make sure that things are right; I do not have physical access to the server. Anyhow, thanks for your reply.
Do you have this:
/etc/init.d/iptables? If yes, you can use the "start" part of this script to read your rules, or read them from any other place with the "iptables-restore" command. Unfortunately, I do not really know Debian.
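Both suggestions in this exchange (an if-up.d hook running iptables-restore, or the "start" part of an init script doing the same) hand a saved file to iptables-restore, and that tool requires every table block to open with '*table' and close with 'COMMIT'; a file whose block is not closed is rejected as a whole and no rules from it are loaded. The following POSIX shell script is an added example, not code from any poster in this thread: it checks a saved file for that structure before restoring it, so a boot-time hook fails loudly instead of silently leaving the box without its rules. The path /etc/iptables.rules, the function names and the sample ruleset it writes are all assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): validate a file in iptables-save
# format before handing it to iptables-restore from an if-up.d hook.

# check_rules_file FILE -> prints each problem found, returns 0 if the
# file is structurally sound (every *table block closed by COMMIT).
check_rules_file() {
    file=$1
    table=""
    line_no=0
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        line_no=$((line_no + 1))
        case $line in
            '#'*|'') ;;                          # comments and blank lines
            '*'*)                                # start of a table block
                if [ -n "$table" ]; then
                    echo "$file:$line_no: table '$table' not closed with COMMIT before '${line#\*}'"
                    status=1
                fi
                table=${line#\*}
                ;;
            COMMIT)                              # end of the current block
                if [ -z "$table" ]; then
                    echo "$file:$line_no: COMMIT outside a table block"
                    status=1
                fi
                table=""
                ;;
            ':'*|'-'*)                           # chain policy or rule line
                if [ -z "$table" ]; then
                    echo "$file:$line_no: rule outside a table block"
                    status=1
                fi
                ;;
            *)
                echo "$file:$line_no: unrecognised line: $line"
                status=1
                ;;
        esac
    done < "$file"
    if [ -n "$table" ]; then
        echo "$file: end of file reached inside table '$table' without COMMIT"
        status=1
    fi
    return $status
}

# restore_rules [FILE]: what the if-up.d hook would run (needs root).
# The default path is an assumption; pick wherever you keep the file.
restore_rules() {
    file=${1:-/etc/iptables.rules}
    check_rules_file "$file" || return 1
    iptables-restore < "$file"
}

# write_sample_rules FILE: constructed minimal ruleset in iptables-save
# format, used only to exercise the checker (not the poster's real file).
write_sample_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed
EOF
}

# Usage: sh check-rules.sh FILE...   (checks only; does not touch iptables)
if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_rules_file "$f"; done
fi
```

Run it against the file you intend to restore before rebooting: if the checker reports "without COMMIT", iptables-restore would have refused the whole file, which on a remote box means coming up with no firewall rules at all rather than with a partial set.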