On 12/15/2016 11:50 AM, Rick Stevens wrote:
On 12/15/2016 10:17 AM, jd1008 wrote:
Following up on recent posts re: masking and disabling firewalld,
I wanted to understand how to automate
/usr/sbin/iptables-restore < /etc/sysconfig/my_iptables
The standard spot to keep your iptables configs before firewalld is in
the "/etc/sysconfig/iptables" file. That was true for years.
By default "systemctl start iptables" will do an iptables-restore from
the "/etc/sysconfig/iptables" file. On shutdown, "systemctl stop
iptables" will do an iptables-save to the "/etc/sysconfig/iptables"
file.
If you want to use a different file to store your configs, you need to
edit the /usr/lib/systemd/system/iptables.service file and modify the
line:
ConditionPathExists=/etc/sysconfig/iptables
to reflect the file you want to use, e.g.
ConditionPathExists=/etc/sysconfig/my_iptables
Don't forget to do a "systemctl daemon-reload" if you modify the service
file.
You will also have to modify the /usr/libexec/iptables/iptables.init
file. In there you'll see this construct:
IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
so changing the first line to:
IPTABLES=my_iptables
will make the second line set the IPTABLES_DATA variable to point at
/etc/sysconfig/my_iptables. IPTABLES_DATA is the variable used in the
remainder of that script as the storage point.
Really, it's just easier to use the standard /etc/sysconfig/iptables
file. That would keep you consistent with the pre-firewalld mechanisms
on older Fedora/CentOS/RHEL platforms that had been used for years.
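Rick's two file edits, written up as an added shell script that is not part of the thread. It departs from the post in two ways: the unit's ConditionPathExists= is changed through a systemd drop-in under /etc/systemd/system/iptables.service.d/ rather than by editing the vendor file in /usr/lib (so a package update cannot silently put the old path back), and in iptables.init it rewrites the IPTABLES_DATA= line itself rather than IPTABLES=, leaving that first variable alone in case the script reuses its name for anything other than the data path. Every function takes a root directory, so the change can be rehearsed against constructed copies of the two files (contents below are cut-down stand-ins, not the real package files); /etc/sysconfig/my_iptables is the path from jd1008's question.

```shell
#!/bin/sh
# Added example (not from the thread): relocate the rules file loaded by the
# iptables-services unit without touching the vendor unit file.
#   - a drop-in resets ConditionPathExists= and points it at the new file
#   - IPTABLES_DATA= in iptables.init is rewritten in place, after a backup
# Each function takes a root directory so the steps can be rehearsed on a
# scratch copy; pass "/" (as root) to apply them for real.
set -eu

UNIT=usr/lib/systemd/system/iptables.service
DROPIN=etc/systemd/system/iptables.service.d/rules-path.conf
INIT=usr/libexec/iptables/iptables.init

# Constructed stand-ins for the two files, trimmed to the lines that matter.
make_fixture() {
    root=$1
    mkdir -p "$root/usr/lib/systemd/system" "$root/usr/libexec/iptables"
    cat > "$root/$UNIT" <<'EOF'
[Unit]
Description=IPv4 firewall with iptables
ConditionPathExists=/etc/sysconfig/iptables

[Service]
ExecStart=/usr/libexec/iptables/iptables.init start
EOF
    cat > "$root/$INIT" <<'EOF'
#!/bin/bash
IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
EOF
}

# Drop-in: an empty assignment clears the condition list inherited from the
# vendor unit, then the new path is added as the only condition.
install_override() {
    root=$1; rules=$2
    mkdir -p "$root/$(dirname "$DROPIN")"
    printf '[Unit]\nConditionPathExists=\nConditionPathExists=%s\n' "$rules" \
        > "$root/$DROPIN"
}

# Rewrite only the IPTABLES_DATA= line; keep a backup of the original script.
patch_init() {
    root=$1; rules=$2
    cp "$root/$INIT" "$root/$INIT.bak"
    sed "s|^IPTABLES_DATA=.*|IPTABLES_DATA=$rules|" "$root/$INIT.bak" > "$root/$INIT"
}

# What systemd ends up with: the last ConditionPathExists= across the unit and
# its drop-ins (read after the reset) is the effective one.
effective_condition() {
    root=$1
    cat "$root/$UNIT" "$root"/etc/systemd/system/iptables.service.d/*.conf 2>/dev/null \
        | sed -n 's/^ConditionPathExists=//p' | tail -n 1
}

# The path the init script will hand to iptables-restore / iptables-save.
init_data_path() {
    sed -n 's/^IPTABLES_DATA=//p' "$1/$INIT" | tail -n 1
}

if [ "${1:-}" = demo ]; then
    root=$(mktemp -d)
    make_fixture "$root"
    install_override "$root" /etc/sysconfig/my_iptables
    patch_init "$root" /etc/sysconfig/my_iptables
    echo "unit condition : $(effective_condition "$root")"
    echo "init data path : $(init_data_path "$root")"
    echo "(on a real system, follow with: systemctl daemon-reload)"
fi
```

Run it as `sh relocate.sh demo` to see the rehearsal on a temporary directory; the two echoed paths should both read /etc/sysconfig/my_iptables while the vendor unit still carries the original path. Applying it for real still needs the "systemctl daemon-reload" Rick mentions, and `systemctl cat iptables` afterwards shows the unit together with the drop-in so you can confirm which condition is in force before the next reboot depends on it.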
Cool.
Thanx Rick.
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx