Firstly, do you mean that using the -X option for iptables can automatically delete those user-defined chains?
From the man page:
Quote:
-X, --delete-chain
Delete the specified user-defined chain. There must be no references to the chain (if there are you must delete or replace the referring rules before the chain can be deleted). If no argument is given, it will attempt to delete every non-builtin chain.
So in order not to edit it directly, I have to create a backup file, edit it, make it executable and try loading it to ensure it is OK, right? If it is OK, then I run iptables-save > /etc/sysconfig/iptables and load it at bootup?
No.
1. Create a backup of /etc/sysconfig/iptables
2. Create a brand new file
3. Copy and paste those rules I posted earlier into new file
4. Make it executable
5. Run new file
6. Check output of 'iptables -vnL' to make sure all rules loaded properly
7. Run 'service iptables save'
Code:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-backup
vi /etc/sysconfig/new-firewall-script
<press i to start insert mode>
<copy and paste firewall rules that I posted earlier into /etc/sysconfig/new-firewall-script>
<press esc button to leave insert mode>
<type :wq to save and quit vi>
chmod u+x /etc/sysconfig/new-firewall-script
cd /etc/sysconfig/
./new-firewall-script
iptables -vnL
<look through output to make sure everything looks ok>
<try using your web browser, pinging a website, etc to make sure that everything works ok (do not reboot yet)>
service iptables save
Don't know how to explain it any better than that
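The seven steps above boil down to "back up, load the new script, check, then save". The following is an added example, not code from the thread, that wraps those steps in a small POSIX shell script with one extra safety net: if the new script exits non-zero part-way through, the previously saved ruleset is restored with iptables-restore instead of leaving a half-applied firewall in place. The script and backup paths are assumed to be passed as arguments; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): apply a new iptables script with an
# automatic rollback to the ruleset that was active before it ran.
# Assumed: $1 is the new firewall script, $2 is where the backup goes.

# Dump the currently loaded ruleset to the file named in $1 (iptables-save
# format, which is also what /etc/sysconfig/iptables holds after a save).
backup_rules() {
    iptables-save > "$1"
}

# Count the rules (lines starting with "-A") in a saved ruleset file, so the
# caller can sanity-check that the backup actually captured something.
count_rules() {
    grep -c '^-A' "$1" || true
}

# Run the new script ($1). If it fails, restore the backup ($2) and return 1
# so nothing half-applied is left behind; return 0 when it loaded cleanly.
apply_with_rollback() {
    backup_rules "$2" || return 2
    if sh "$1"; then
        return 0
    fi
    iptables-restore < "$2"
    return 1
}

# Stand-alone use: ./safe-apply.sh /etc/sysconfig/new-firewall-script /root/iptables-backup
if [ "$#" -eq 2 ]; then
    if apply_with_rollback "$1" "$2"; then
        echo "new rules loaded; check 'iptables -vnL' and connectivity before 'service iptables save'"
    else
        echo "new script failed; previous rules restored from $2" >&2
        exit 1
    fi
fi
```

A clean exit from the script only means every iptables command was accepted, not that the policy is right, so the manual check with iptables -vnL and a quick connectivity test still belong between this step and service iptables save, exactly as in the list above.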