From: <steveo@syslang.net>
> On Tue, 29 Oct 2002, Robert P. J. Day wrote:
>
> =>On Tue, 29 Oct 2002, Taylor, ForrestX wrote:
> =>
> =>> Robert P. J. Day wrote:
> =>> > as part of a tutorial i'm writing on iptables, here's what i've listed --
> =>> > feedback is appreciated.
> =>> >
> =>> > to switch from ipchains to iptables:
> =>> >
> =>> > # chkconfig --level 0123456 ipchains off (turn off auto start)
> =>> > # service ipchains stop (stop ipchains)
> =>> > # rmmod ipchains (unload the module)
> =>> > # rpm -e ipchains (if you're SURE :-)
> =>> >
> =>> > # insmod ip_tables (insmod or modprobe?)
> =>> > # chkconfig iptables on (auto start)
> =>> > # service iptables start (fire it up)
> =>> > # iptables -L (verify with listing)
> =>> >
> =>> > comments?
> =>> >
> =>> > rday
> =>>
> =>> I would say that you should use `modprobe -r` instead of rmmod, and
> =>> modprobe instead of insmod. `modprobe` will include any module
> =>> dependencies, thus it is a good habit to get into ;o)
> =>
> =>now that i think about it, doesn't "service iptables start"
> =>automatically load ip_tables anyway?
>
> I'd be careful here. If you load iptables then that's all you get. You
> really want to explicitly load any additional other modules you might need
> for what you're doing. e.g., If you allow any ftp traffic then you
> probably want to load ip_conntrack and ip_conntrack_ftp.

Loading specific modules you need is best done with your script in /etc/sysconfig/iptables or the one you run out of /etc/ppp/ip-up.local if you have a dynamic ppp type connection.

{^_^}

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
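
An added example, not written by anyone in this thread: a check that a `/proc/modules`-style listing matches the state the thread describes (ipchains unloaded, `ip_tables` present, and the FTP connection-tracking modules present when FTP is allowed). The function names `module_loaded` and `audit_fw_modules` are hypothetical, the module names are the 2.4-era ones discussed above, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: audit a /proc/modules-style listing after an
# ipchains -> iptables switch. Function names are hypothetical.

# module_loaded FILE NAME: succeeds only if NAME is exactly the first
# field of some line, so ip_conntrack does not match ip_conntrack_ftp.
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# audit_fw_modules [FILE] [yes|no]
# FILE defaults to /proc/modules; the second argument says whether the
# rule set allows FTP. Prints one finding per line and returns 0 only
# when there are no findings.
audit_fw_modules() {
    file=${1:-/proc/modules}
    need_ftp=${2:-no}
    findings=0
    if module_loaded "$file" ipchains; then
        echo "CONFLICT ipchains still loaded (modprobe -r ipchains)"
        findings=$((findings + 1))
    fi
    required="ip_tables"
    if [ "$need_ftp" = "yes" ]; then
        required="$required ip_conntrack ip_conntrack_ftp"
    fi
    for mod in $required; do
        if ! module_loaded "$file" "$mod"; then
            echo "MISSING $mod (modprobe $mod)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: iptables is up, but no conntrack modules are loaded.
sample=$(mktemp)
printf '%s\n' 'ip_tables 13984 1 [iptable_filter]' \
              'iptable_filter 2412 0 (autoclean)' > "$sample"
audit_fw_modules "$sample" yes || echo "fix the findings above, then re-run"
rm -f "$sample"
```

Run with no arguments it reads the live `/proc/modules`; pass `yes` as the second argument when the rule set permits FTP.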