Re: Sane way to add iptables entries with kickstart

Try moving the original /etc/sysconfig/iptables file to
/etc/sysconfig/iptables.orig and try the here document in %post:

cat > /etc/sysconfig/iptables <<EOF
cut and paste original /etc/sysconfig/iptables here
then add your other rules here
EOF

Andrew M. Williams wrote:

Tony Nugent wrote:

On Wed Feb 05 2003 at 09:52, "Andrew M. Williams" wrote:


I added entries to that file during %post, they disappeared on reboot.



RedHat 8.0

I've tried the following

issuing the iptables commands, they run fine.  i.e.
iptables -A asdfasdfasdfasdf
and running iptables-save >/etc/sysconfig/iptables
I've also tried doing /etc/init.d/iptables save and service iptables save all with the same effect


Echoing the lines into the /etc/sysconfig/iptables file: the first echo overwrites, the next echoes all append.

On reboot after %post has run, everything seems to be the stock iptables config. Contents of /etc/sysconfig/iptables is totally different than what I set.

I'll keep digging.

- andrew




Disappeared???  Or not enabled at bootup?

It should be trivial to drop a working /etc/sysconfig/iptables file
into a newly built box, why would it "disappear"?

In %post do a chroot into the new system, run /sbin/chkconfig to
turn off ipchains and turn on iptables, and perhaps put "alias
ipchains off" into /etc/modules.conf to make sure that ipchains
doesn't get in the way.


- andrew



Eric Griffis wrote:

Tuesday, February 4, 2003, 11:29:27 AM, Andrew wrote:



Is there a sane way to add iptables rules in the %post section



Look at /etc/sysconfig/iptables on any redhat box. It's a pretty
straight-forward text file, except for the [..,..] numbers at the
beginning of certain lines. Anybody know what those numbers represent?
I've set them to 0's in the past without noticeable side effects.

...eric



Cheers
Tony



_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/kickstart-list
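
Added example, not part of the original thread: a %post body that combines the suggestions above (keep the stock file as .orig, write the new ruleset with a here document, switch the boot-time service with chkconfig). The function name, the ROOT argument and the ruleset are constructed for illustration; the [0:0] pairs are the packet and byte counters that iptables-save writes.

```shell
#!/bin/sh
# install_iptables_rules and ROOT are hypothetical names; the ruleset below
# is a constructed sample, not the stock Red Hat file.
install_iptables_rules() {
    ROOT="${1:-}"                  # empty = the installed system (chrooted %post)
    RULES="$ROOT/etc/sysconfig/iptables"
    mkdir -p "$ROOT/etc/sysconfig" || return 1

    # Keep the stock file for later comparison, as suggested in the thread.
    if [ -f "$RULES" ]; then
        mv -f "$RULES" "$RULES.orig" || return 1
    fi

    # Quoted delimiter ('EOF'): the shell expands nothing inside the ruleset.
    # [0:0] is the packet:byte counter pair for each chain; zero suits a
    # freshly written ruleset. umask keeps the file readable by root only.
    ( umask 077; cat > "$RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
    ) || return 1

    # iptables-restore applies a table only when it ends with COMMIT, so a
    # truncated write must fail the install step instead of passing silently.
    [ "$(tail -n 1 "$RULES")" = "COMMIT" ] || return 1

    # Touch service state only on the real target, never in a dry run.
    if [ -z "$ROOT" ] && [ -x /sbin/chkconfig ]; then
        /sbin/chkconfig ipchains off
        /sbin/chkconfig --level 2345 iptables on
    fi
    return 0
}
```

In a real %post, call install_iptables_rules with no argument; pass a scratch directory to dry-run it on another machine.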




