Hello,

iptables-save and iptables-restore don't work with variables.
For example, if you run the script:
-------------
#!/bin/bash
ext_if="eth0"
ipt="/usr/sbin/iptables"
$ipt -A INPUT -i $ext_if -j DROP
-------------
iptables-save will output:
-------------
#Generated by .....
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT
#Completed...
-------------
So, if you really need variables, use a script!

On Tuesday, March 8, 2005, 12:25:36 PM, Veena Etcell wrote:

> Hi,
> I am hoping someone can help with the following:
> I am at a point where I require advice/direction with regards to adding
> variables (manually or otherwise) to a standard iptables file.
> I am not sure how to add them/where to add them or the syntax that is
> required.
> In the example below I have manually added one variable (Line 2) to see
> what would happen to /etc/sysconfig/iptables (Redhat FC3 install).
> When I iptables-restore < /etc/sysconfig/iptables I get "error at line 2
> failed"
> # Generated by iptables-save v1.2.11 on Mon Mar 7 22:18:56 2005
> EXT_INTERFACE="eth0"
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -p tcp -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i lo -j ACCEPT
> -A OUTPUT -o lo -j ACCEPT
> -A mine -j ACCEPT
> COMMIT
> # Completed on Mon Mar 7 22:18:56 2005
> Any advice would be appreciated
> Thanks and regards
> michael

--
Best regards,
Petrisor
mailto:petry.b@xxxxxxxxx
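
One way to follow the "use a script" advice above and still load the rules through iptables-restore, as an added example that is not part of the original thread: a wrapper script holds the variable, renders a plain ruleset and feeds that to iptables-restore. The `@EXT_IF@` placeholder, the function names and the `--apply` switch are assumptions made for this example, and the ruleset is constructed sample data.

```shell
#!/bin/bash
# Added example: keep variables in a shell wrapper, render a plain ruleset,
# and hand that to iptables-restore, which does no variable expansion itself.

EXT_IF="eth0"   # constructed sample value, as in the thread

# Rules template (constructed). @EXT_IF@ is a placeholder convention chosen
# for this example; iptables-restore knows nothing about it.
rules_template() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i @EXT_IF@ -j DROP
COMMIT
EOF
}

# Substitute the placeholder; refuse to emit a ruleset from a bad or empty value.
render_rules() {
    local ext_if="$1" out
    # Allow only a conservative character set, so the value cannot add
    # extra options or extra lines to the generated ruleset.
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.+-]*)
            echo "invalid interface name: '$ext_if'" >&2; return 1 ;;
    esac
    out=$(rules_template | sed "s/@EXT_IF@/$ext_if/g") || return 1
    # Any placeholder still present means the template and script disagree.
    if printf '%s\n' "$out" | grep -q '@[A-Z_]*@'; then
        echo "unresolved placeholder in ruleset" >&2; return 1
    fi
    printf '%s\n' "$out"
}

# Only touch the live firewall when explicitly asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    rules=$(render_rules "$EXT_IF") || exit 1
    printf '%s\n' "$rules" | iptables-restore --test || exit 1  # parse only
    printf '%s\n' "$rules" | iptables-restore                   # actual load
fi
```

Run without arguments, the script changes nothing; `render_rules eth0` prints the expanded ruleset so it can be reviewed before it is applied.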