On Wed, Jun 11, 2003 at 07:22:39PM -0400, Justin Zygmont wrote:
> also, i'm not trying to criticize anyone, but I think the "more proper"
> way with rh now is to set ip forwarding to a 1 in /etc/sysctl.conf and
> just enter the iptables rules manually then type service iptables save.
> The output of the firewall save will go to /etc/sysconfig/iptables, then
> can also be edited if necessary.
>

I don't think there really is a "proper" way to achieve this. You just
have a choice. You can still have your own script load your firewall
rules. However, if you want to change from having your own script loaded
from the initscripts but instead having them handled by RH's
chkconfig/service utilities then just issue:

    service iptables save

which will grab your own script's rules from kernel memory and write
them to the /etc/sysconfig/iptables file. Then just comment out your own
script from the initscripts and do:

    chkconfig iptables on

which will add the necessary symlinks to the RH's iptables script in the
/etc/rc.d hierarchy to start iptables on the next reboot.

Once I get a set of firewall rules I am happy with, I always save them
to /etc/sysconfig/iptables using "service iptables save" regardless of
whether I load from my own script or use RH's initscripts. Just one more
backup should something go wrong with my own script.

-- 
Jack Bowling
mailto: jbinpg@xxxxxxx
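
A check that goes with the backup habit described in the message above, as an added example that is not part of the original post: it compares the file written by "service iptables save" with a capture of the loaded rules, ignoring timestamps and packet counters. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the saved copy still match the loaded rules?

# Remove what changes without any rule changing: timestamp comments and
# the [packets:bytes] counters on chain lines and (with -c) rule lines.
normalize_rules() {
    sed -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' \
        -e 's/^\[[0-9][0-9]*:[0-9][0-9]*\] //' \
        -e 's/ \[[0-9][0-9]*:[0-9][0-9]*\]$/ [0:0]/'
}

# rules_drift SAVED LIVE -> 0 same rules, 1 different (diff printed), 2 error
rules_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    a=$(normalize_rules < "$1") || return 2
    b=$(normalize_rules < "$2") || return 2
    [ "$a" = "$b" ] && return 0
    t=$(mktemp -d) || return 2
    printf '%s\n' "$a" > "$t/saved"; printf '%s\n' "$b" > "$t/live"
    diff "$t/saved" "$t/live" || true
    rm -rf "$t"
    return 1
}

# Constructed sample data, not taken from the thread.
write_samples() {
    cat > "$1/saved" <<'EOF'
# Generated by iptables-save on Wed Jun 11 20:00:00 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Jun 11 20:00:00 2003
EOF
    # Same rules captured later: new timestamp, non-zero counters.
    sed -e 's/20:00:00/21:30:00/' -e 's/\[0:0\]/[41:2788]/' \
        -e 's/^-A/[7:420] -A/' "$1/saved" > "$1/live_same"
    # One rule loaded in the kernel that was never saved.
    awk '{print} /RELATED/{print "[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"}' \
        "$1/live_same" > "$1/live_drift"
}

demo=$(mktemp -d) && write_samples "$demo"
for f in live_same live_drift; do
    rules_drift "$demo/saved" "$demo/$f" >/dev/null && echo "$f: matches" || echo "$f: DIFFERS"
done
rm -rf "$demo"
```

On a host, capture the loaded rules as root with `iptables-save > live.rules` and call `rules_drift /etc/sysconfig/iptables live.rules`. A result of 1 means the next boot with `chkconfig iptables on` would load something other than what is running now.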