On 02/15/2012 09:45 AM, "Jóhann B. Guðmundsson" wrote: > Experienced admins dont use service iptables blah anyway ( they use > iptables commands directly ) so it hardly matters to them documentation > should however be updated for those that actually use service iptables > blah to point this out so you should file a DOC bug for it. > > Actually, many experienced users directly create and put their rules file wherever the iptables service reads it from (historically it is /etc/sysconfig/iptables). Not sure if that has changed - if not JBG is essentially right For those still using iptables command instead, to install the rules in the kernel one at a time, they can then use the iptables-save command to create rules file from already running firewall. But, note that installing rules into the kernel via iptables command one rule at a time is 2-3 orders of magnitude slower than creating the rules file and installing all the rules in one shot. Either way, all you need to do is put them where the iptables service expects to read them from when its started - I would think - all it does it invoke iptables-restore on the rules file - or at least thats the way it used to work :-) gene -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
