Usually it is better to edit the /etc/sysconfig/iptables manually rather than add rules one by one via the iptables command. For example, it is much easier to reorder rules via editing of the file. Of course, you should restart the iptables service after each edit. When you are satisfied with the results, issue the command 'service iptables save' - the file /etc/sysconfig/iptables will be rewritten with the addition of statistics information used by 'service iptables restore'.

I do not recommend using the cron job which flushes iptables periodically, especially when you are editing the rules one by one with the 'iptables' command. Because such a process can be long enough, the cron job may flush the rules before you enter all changes of the rules and save them.

I think that the better way is to edit the file /etc/sysconfig/iptables directly and, simultaneously with reloading of the rules, queue an 'at' job for the time of now + 1-2 minutes. For example:

service iptables restart ; echo "iptables -F; iptables -X" | at now+5 minutes

If you are satisfied with the results of the new rules, you should remove the at job with the 'atrm' command.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Greg Golin
> Sent: Thursday, December 29, 2005 10:36 PM
> To: General Red Hat Linux discussion list
> Subject: Re: custom firewall configuration
>
> Romeo,
>
> service iptables save
>
> This shall save the custom rules you apply to /etc/sysconfig/iptables
> so that when iptables starts, it reads the new rules you have applied.
> I suggest adding a cron job that flushes the rules every five minutes
> for the duration of configuration just to make sure you're not locked
> out.
>
> You can also look here for help:
> http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm
>
> Regards,
> G
>
> On 12/29/05, Romeo Theriault <romeotheriault@xxxxxxxxx> wrote:
> > The built-in RedHat firewall has been working well but it isn't
> > meeting our needs anymore. I would like to customize it to make it a
> > little more secure. What is the appropriate way to do this? Do I just
> > turn it off and create my own init.d scripts? The /etc/sysconfig/iptables
> > file has a line about not recommending editing it. So what
> > is the recommended way of further editing the firewall?
> >
> > Thank you,
> >
> > Romeo Theriault
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
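A safer variant of the dead-man switch Alexey describes, as an added example that is not from the thread: instead of flushing everything, it snapshots the running rules with iptables-save and lets the at job restore that snapshot, and a pre-flight check refuses to load a rules file that lacks an ACCEPT for tcp/22. The backup path, the 5-minute delay and the management port are constructed assumptions.

```shell
#!/bin/sh
# Remote iptables edit with automatic rollback (constructed example).
# Flow: check new rules file -> snapshot running rules -> queue an at(1)
# job that restores the snapshot -> load new rules -> if you can still
# log in, cancel the job with atrm. Needs iptables-save/-restore and atd.

BACKUP=${BACKUP:-/root/iptables.rollback}          # assumed path
NEWRULES=${NEWRULES:-/etc/sysconfig/iptables}
DELAY=${DELAY:-5}                                  # minutes until rollback

# Pre-flight check on a rules file: it must carry a *filter table and a
# COMMIT line, and must explicitly ACCEPT the management SSH port (22,
# assumed) so the new rule set cannot lock the operator out.
check_rules() {
    f=$1
    grep -q '^\*filter' "$f" || { echo "no *filter table in $f" >&2; return 1; }
    grep -q '^COMMIT' "$f"   || { echo "no COMMIT line in $f" >&2; return 1; }
    grep -Eq -e '--dport 22 .*-j ACCEPT' "$f" || {
        echo "no ACCEPT for tcp/22 in $f; refusing to load" >&2; return 1; }
    return 0
}

# The command the at job will run: restore the snapshot, not flush to empty,
# so the box returns to the known-good policy instead of an open firewall.
rollback_cmd() {
    printf 'iptables-restore < %s\n' "$1"
}

apply_with_rollback() {
    check_rules "$NEWRULES" || return 1
    iptables-save > "$BACKUP" || return 1
    # at prints "job N at <time>" on stderr; keep the job number for atrm.
    job=$(rollback_cmd "$BACKUP" | at "now + $DELAY minutes" 2>&1 \
          | awk '/^job/ {print $2}')
    echo "rollback job $job queued: $BACKUP is restored in $DELAY min unless cancelled"
    iptables-restore < "$NEWRULES" || return 1
    echo "new rules loaded; if you can still log in, run: atrm $job"
}

case "${1:-}" in
    run) apply_with_rollback ;;
esac
```

Run it as `sh safe-iptables.sh run` from an existing SSH session, then open a second session to confirm access before cancelling the queued job.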