Old 08-12-2004, 05:12 PM   #1
Registered: May 2003
Location: N. California
Distribution: FC3 2.6.9
Posts: 110

Rep: Reputation: 15
iptables vs. rc.firewall

I am very confused. I see that I have an 'iptables' file and an 'iptables-config' file in my /etc/sysconfig folder.

When I configured IP masquerading for my home network I found a file called rc.firewall - which I was instructed to place in my /etc/rc.d/ folder and whenever I have to reboot my computer I have to run that file in order to allow my other [windows] computers out to the internet.

So my questions are-
What is the difference between these two files? Does the rc.firewall file simply append iptables 'rules' to the 'iptables' file?

When I add 'rules' or 'lines' to my iptables (for instance I am currently trying to block all outside requests to my samba ports) should I add these lines to the rc.firewall file or the iptables file or the iptables-config file?

If I make changes to the iptables file - am I supposed to 'restart' iptables?

I know I'm asking a lot - but I'm sure it's very elementary knowledge to a lot of you, and would appreciate your help.
Old 08-12-2004, 09:52 PM   #2
Senior Member
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
"I see that I have an 'iptables' file and an 'iptables-config' file in my /etc/sysconfig folder."

Tells me you are using RedHat/Fedora or a RedHat-based distro. So, you don't really need to copy rc.firewall to /etc/init.d. RedHat has a script, iptables, that reads from an existing set of rules that it saves in the /etc/sysconfig directory and loads them at boot. But this script pretty much just maintains the iptables rules. If there is no file in /etc/sysconfig, the script will maintain a default ACCEPT stance.

To load the initial set of rules, you may need to write another script with ACCEPT/DROP rules to regulate traffic coming in and going out of your system. Once you execute your script, and you can see your rules when you give the command

# iptables -nvL

and you are satisfied with the way your rules behave, you can go ahead and commit those rules to /etc/sysconfig/iptables with the command

# service iptables save
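
The workflow described in the reply above (load rules from a script, review them, then save), as an added example that is not part of the original post: an rc.firewall-style script for the masquerading gateway with Samba blocked from outside. The interface names eth0 (internet) and eth1 (LAN), the function name load_rules and the IPT dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: eth0 = internet,
# eth1 = LAN. Dry run: IPT="echo iptables" prints the commands instead
# of applying them.
IPT=${IPT:-iptables}

load_rules() {
    ext_if=$1
    lan_if=$2

    # Start clean so re-running the script never stacks duplicate rules.
    $IPT -F
    $IPT -t nat -F

    # Default stance: drop anything inbound or forwarded that is not allowed.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT

    # Samba/NetBIOS from the outside. The DROP policy already covers these;
    # explicit rules give them their own counters in `iptables -nvL` and
    # keep them blocked if the policy is ever relaxed.
    $IPT -A INPUT -i "$ext_if" -p udp -m multiport --dports 137,138 -j DROP
    $IPT -A INPUT -i "$ext_if" -p tcp -m multiport --dports 139,445 -j DROP

    # LAN hosts, and replies to connections this machine started.
    $IPT -A INPUT -i "$lan_if" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerading: LAN may go out, only reply traffic may come back in.
    $IPT -A FORWARD -i "$lan_if" -o "$ext_if" -j ACCEPT
    $IPT -A FORWARD -i "$ext_if" -o "$lan_if" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
}

# Touch the running firewall only when asked to: ./rc.firewall apply
if [ "${1:-}" = "apply" ]; then
    load_rules eth0 eth1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -nvL    # review, then: service iptables save
fi
```

Saving stores only the rules in /etc/sysconfig/iptables; the ip_forward setting is not an iptables rule and has to be made persistent separately.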
Old 08-13-2004, 03:39 PM   #3
Registered: May 2003
Location: N. California
Distribution: FC3 2.6.9
Posts: 110

Original Poster
Rep: Reputation: 15
So that last command will basically 'overwrite' my /etc/sysconfig/iptables file to the current settings I have with my rc.firewall?

