LinuxQuestions.org
09-26-2008, 06:25 AM   #1
lorry

cannot save iptables configuration on opensuse 10.3


I have a server running opensuse 10.3 and am attempting to configure iptables by following the tutorial at iptablesrocksDOTorg (sorry for the DOT, I am blocked from posting a URL).

My problem is that when I reboot the server, the running configuration returns to an "open" state, i.e.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


I try to save the firewall ruleset script ("primary_firewall") like this:-

cp /root/primary_firewall /etc/sysconfig/iptables

as the tutorial explains that this is how to integrate the setup into the server's boot process. After a reboot iptables was back to the open state, so I tried this:-

iptables-save > /etc/sysconfig/iptables

as a search on Google indicated that the file format might be incorrect otherwise. After a reboot iptables was back to the open state.

I checked all of the (modified today) log files in /var/log/ for the string "iptables" to see whether I could see any errors during boot up, but I can't see any.

It may be that I am either putting the ruleset script in the wrong place, or another process is altering the rules during boot. I have read the iptables man page, but can't see any reference to restoring a ruleset script during boot.

I am a newbie with Linux, so would appreciate it if someone could suggest how I debug my installation, or point me in the direction of a manual that explains how to configure this on Opensuse.

Thanks for any help.
 
09-26-2008, 11:37 AM   #2
salasi

Firstly SuSE is a bit different and the tutorial may only be mostly correct, if it doesn't note the differences that are specific to SuSE.

Secondly, you don't seem to be restoring the ruleset, so you shouldn't be surprised that the ruleset doesn't get restored.

To the first point, by default SuSE uses its own system for configuring the firewall and that involves an 'early' block-anything-not-needed-for-boot stage and then a more precisely configured late stage. You could be tripping over either of these stages, so you need to check from the run level editor in yast that this isn't going to be the case. (This also raises the question why you aren't going with the flow and using the SuSE firewall system, but that is, of course, up to you. If you do change your mind, configure from YAST.)

Quote:
as a search on google indicated that the file format might be incorrect otherwise. After a reboot iptables was back to the open state.
The firewall is only persistent if you make it so, in other words, if you restore. The iptables-save/iptables-restore system does have advantages if you need to preserve counters across reboots, which is difficult to do otherwise. OTOH, if you aren't interested in the counters, this isn't really an advantage.

To do it this way, you need to use iptables-save to dump the contents to a file and iptables-restore to put things back in place - you'll need the -c switch to do the counter thing. So, somewhere in the boot process, you need to execute a script that does this, either get the YAST runlevel editor to do it, or run a trivial script from the appropriate /etc/rc.

There is usually good documentation on networking, etc, in
  • the SuSE books
  • the SuSE website
but it's sometimes a bit difficult to find what you want if you don't have the books.
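
An added example, not part of either poster's reply and not openSUSE's own code: a save/restore script of the kind post #2 describes. It checks that the file really is an iptables-save dump before restoring it, because a shell script of iptables commands copied to the same path (as in post #1) is not in the format iptables-restore loads. The function names and the `restore`/`save` arguments are illustrative; the default path is the one used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): save/restore an iptables-save dump.
# RULES_FILE defaults to the path used in the thread (assumption).
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# Constructed sample of "iptables-save -c" output, for comparison.
sample_dump() {
cat <<'EOF'
# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [12:840]
[5:420] -A INPUT -i lo -j ACCEPT
[9:612] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Succeeds only for iptables-save format: "*table" sections closed by COMMIT,
# holding ":chain" lines and "-A" rules with optional "[pkts:bytes]" counters.
is_save_dump() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^(\[[0-9]+:[0-9]+\] )?-[A-Z] / { if (!in_table) bad = 1; next }
        { bad = 1 }
        END { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# Boot-time restore. --test parses without committing; -c reloads counters.
restore_rules() {
    if ! is_save_dump "$RULES_FILE"; then
        echo "$RULES_FILE is not an iptables-save dump, not restoring" >&2; return 1
    fi
    iptables-restore --test < "$RULES_FILE" || return 1
    iptables-restore -c < "$RULES_FILE"
}

# Dump the running ruleset with counters; file readable by root only.
save_rules() (
    umask 077
    iptables-save -c > "$RULES_FILE.tmp" && mv "$RULES_FILE.tmp" "$RULES_FILE"
)
case "${1:-}" in
    restore) restore_rules ;;
    save)    save_rules ;;
esac
```

After the boot hook has run, `iptables -L -n` should show the restored policies rather than the all-ACCEPT listing from post #1.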
 
09-26-2008, 11:58 AM   #3
lorry

Thanks for the pointers salasi.

I'm off to buy a decent SuSE book...
 
  

