From: "Jason Williams" <jwilliams@xxxxxxxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, December 30, 2004 3:39 PM
Subject: Re: Saving IPTable rules..oops
At 10:23 AM 12/29/2004, you wrote:
You can do a couple of things:
- After you enter your commands from a shell, you can do a *service iptables save*. All the commands that you had entered will be stored in the *iptables* file in /etc/sysconfig. By the way, this is the file the system reads during boot-up to load the firewall configuration.
- You can directly edit this file to add new commands (though it is not recommended, but I still do it 'coz it makes life easier) and then run *iptables-restore* to load the new configuration.
Appreciate the help and feedback on this. Makes sense now.
One question regarding the /etc/sysconfig/iptables file. In this file, can I put my variables in there? Such as: INET_IP=212.122.131.34, INET_IFACE="eth0" and so forth?
Or does that need to go somewhere else?
I don't think you can put your variables in the /etc/sysconfig/iptables file. It follows a particular pattern which is not that difficult to learn.
If you want to use variables and stuff, you gotta write your own script file and run it at bootup. I used to do it this way when my firewall rules were less than 50 lines.
Now my firewall rules are more than 500 lines so I edit the /etc/sysconfig/iptables file directly. It is just an efficient way to load the rules through this file.
Hope this helps.
Deepak Seshadri
Thanks!
Jason
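
One way to combine the two approaches discussed in this thread, as an added example that is not code from either poster: a script holds the variables and emits a rules file in the format *iptables-restore* reads. The function names and the rules themselves are constructed for illustration; only INET_IP and INET_IFACE come from the question.

```shell
#!/bin/sh
# Variables live here, not in /etc/sysconfig/iptables; the script prints a
# rules file in iptables-restore format. Rule set is constructed for illustration.
INET_IP="212.122.131.34"
INET_IFACE="eth0"

# Accept only a dotted quad with octets 0-255, so a bad value cannot
# smuggle extra rule text (spaces, newlines) into the generated file.
valid_ip() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Interface names: letters, digits, '_', '.', '-', at most 15 characters.
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Print the rules for the given address and interface on stdout.
render_rules() {
    valid_ip "$1" || { echo "bad INET_IP: $1" >&2; return 1; }
    valid_iface "$2" || { echo "bad INET_IFACE: $2" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $2 -d $1 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Typical use: sh gen-rules.sh --print > rules.new
# then check it without loading: iptables-restore --test < rules.new
if [ "${1:-}" = "--print" ]; then render_rules "$INET_IP" "$INET_IFACE"; fi
```

Running the generated file through *iptables-restore --test* before copying it over /etc/sysconfig/iptables catches syntax errors without touching the live rule set.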