iptables is the userland configuration utility for netfilter in the
kernel. It does not delete rules without beeing told to do so.
Thomas
Don Russell wrote:
Mikkel L. Ellertson wrote:
Don Russell wrote:
Mikkel L. Ellertson wrote:
If you are talking about the rules not surviving a reboot, try
running "service iptables save" and/or "service ip6tables save". If
you want the changes saved automatically, edit
/etc/sysconfig/iptables.conf and change
IPTABLES_SAVE_ON_RESTART="no" to IPTABLES_SAVE_ON_STOP="yes". Do
the same for /etc/sysconfig/ip6tables.conf.
Mikkel
I must have deleted a section of my message somehow before I sent it
- there should be advice about changing 2 variables, but there is
the default state of one, and the needed state of the other...
ah... that's good to know... BUT.... in neither case have I restarted
the system....
I'll have a look at that config file though and see if there are any
clues. :-)
Maybe what I need to do (as you suggest) is "service iptables save"
after adding the rules and verifying they work correctly.
(I looked at the webmin method specifically for some form of "save these
rules", but there is only "apply thse rules", which I did need to do)
Please post back what you find, as this seams to be a strange one -
the rules should not vanish on a normally running system. Are
logging out and logging back in at the console, or bringing down an
interface, and bringing it back up between setting the rules, and
then vanishing?
Mikkel
IPTABLES_SAVE_ON_RESTART and IPTABLES_SAVE_ON_STOP are both set to the
default value of "no".
So, I guess my question becomes, when does the firewall stop or restart?
I log on to a non-root user via ssh, then "su -"/"exit" to make the
iptables changes.... I have not restarted the whole machine, nor have I
restarted the iptables service.... does it restart periodically for some
reason? I haven't added anything to cron etc to make that happen...
I'm not restarting the interface....
I don't see what I could have done that cause d the firewall to
stop/restart....
--
Thomas Woerner
Software Engineer Phone: +49-711-96437-310
Red Hat GmbH Fax : +49-711-96437-111
Hauptstaetterstr. 58 Email: Thomas Woerner <twoerner@xxxxxxxxxx>
D-70178 Stuttgart Web : http://www.redhat.de/
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list