On Fri, Apr 24, 2020 at 11:07 PM Valdis Klētnieks <valdis.kletnieks@xxxxxx> wrote:
>
> On Fri, 24 Apr 2020 18:28:21 -0400, Jeffrey Walton said:
>
> > The problem I am having is adding the new information to the existing
> > iptables rules in /etc/sysconfig/iptables. I want to write my rules to
> > a separate file and then tell /etc/sysconfig/iptables to include it at
> > the correct position.
> >
> > I read the iptables(8), iptables-save(8) and iptables-restore(8) man
> > pages, but I don't see how to combine the different sources.
> >
> > How do I tell iptables to include a second external source at a
> > specific location?
>
> Turn the problem on its side....
>
> #!/bin/bash
> cat /etc/iptables.header /etc/iptables.newstuff /etc/iptables.trailer > /etc/sysconfig/iptables
> iptables-restore < /etc/sysconfig/iptables
>
> (basically the solution I did for an NFS server, where 'newstuff' and /etc/exports were
> both machine-generated by a perl script that read a config file of authorized clients.

That's a good idea. I think that may work better for some data sets.

One last question... Should I create my own target - say mediawiki - and
append my rules to it? That may simplify things:

* Header, newstuff and trailer are fixed
* newstuff just jumps to the mediawiki target
* if mediawiki does not ban, then control returns to the trailer

Then, my out-of-proc service just keeps adding to the mediawiki target. I
don't need to write files in this case. I'll just keep adding to the
running config.

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
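The layout Jeff sketches (fixed header, a "newstuff" fragment that only jumps into a dedicated chain, a fixed trailer, and a separate service that appends bans to that chain on the running config) can be made concrete. The script below is an added example and is not code from either poster. The fragment paths, the chain name `mediawiki`, the port list and the rules inside header and trailer are assumptions for illustration. It assembles the three fragments into one iptables-restore file, and builds the `iptables -A` command the out-of-process service would issue; it only executes `iptables` when `IPT_APPLY=1` is set, so the assembly and validation parts can be exercised without root. Because the service would be feeding log-derived addresses into a command line, the address is checked against a dotted-quad pattern before it is used.

```shell
#!/bin/sh
# Added example, not from the thread. Builds an iptables-restore ruleset from
# three fragments and shows how a separate service appends bans to a custom
# chain. Paths, chain name and the sample rules are assumptions.

WORK="${WORK:-$(mktemp -d)}"     # where the fragments and result are written
CHAIN="${CHAIN:-mediawiki}"      # the custom target Jeff proposes

# Fixed header: table, built-in chain policies, and the custom chain.
# ":$CHAIN - [0:0]" is how iptables-restore declares a user-defined chain.
write_header() {
    cat > "$WORK/iptables.header" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:$CHAIN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# "newstuff" is reduced to a single jump. If no rule in the custom chain
# matches, control returns to INPUT and continues with the trailer rules.
write_newstuff() {
    cat > "$WORK/iptables.newstuff" <<EOF
-A INPUT -p tcp -m multiport --dports 80,443 -j $CHAIN
EOF
}

# Fixed trailer: the normal accepts, then COMMIT.
write_trailer() {
    cat > "$WORK/iptables.trailer" <<EOF
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Concatenate the fragments in order and print the combined ruleset. This is
# the "turn the problem on its side" step; iptables-restore reads the file
# as one unit, so the position of newstuff is fixed by the concatenation.
build_ruleset() {
    write_header; write_newstuff; write_trailer
    cat "$WORK/iptables.header" "$WORK/iptables.newstuff" \
        "$WORK/iptables.trailer" > "$WORK/iptables.rules"
    cat "$WORK/iptables.rules"
}

# Accept only a well-formed IPv4 address so that log-derived input can never
# smuggle extra arguments into the iptables command line.
is_ipv4() {
    echo "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# Print the append the service would run for one address (and run it when
# IPT_APPLY=1). Appending to the custom chain changes the running config
# without rewriting /etc/sysconfig/iptables. Returns 1 for a bad address.
ban_cmd() {
    ip=$1
    is_ipv4 "$ip" || return 1
    set -- iptables -A "$CHAIN" -s "$ip" -j DROP
    echo "$*"
    [ "${IPT_APPLY:-0}" = 1 ] && "$@"
    return 0
}

# Demo when invoked as: sh thisscript.sh demo  (constructed sample address)
case "${1:-}" in
demo)
    build_ruleset
    echo "# service would run:"
    ban_cmd 203.0.113.7
    ;;
esac
```

To load the assembled file for real, run `iptables-restore < "$WORK/iptables.rules"` as root, as in Valdis' script; bans added later with `ban_cmd` live only in the running config, so a reboot or a fresh `iptables-restore` clears the chain, which is usually the desired behaviour for a self-populating ban list.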