also, i'm not trying to criticize anyone ;-)
but I think the "more proper" way with rh now
a redhat-proper-way could be via redhat-config-network/securitylevel/firewall; you can file an [RFE]
# lokkit
# redhat-config-securitylevel
# neat
# redhat-config-network
...
is to set ip forwarding to a 1 in /etc/sysctl.conf and
https://listman.redhat.com/archives/shrike-list/2003-June/msg00507.html
just enter the iptables rules manually then type service iptables save. The output of the firewall save will go to /etc/sysconfig/iptables, then can also be edited if necessary.
you are right
https://listman.redhat.com/archives/phoebe-list/2003-January/msg00161.html
afaik
the iptables-rules in /etc/rc.local will be added while booting to edwarner99@xxxxxxxxx possibly changing experimental-lokkit-rules
when he # service iptables stop he must execute # /etc/rc.local once again to add these rules or he types them once again
let me add one comment: i am surely no iptables/security-guru but some people say:
turn off iptables
never enable ip_forwarding via /etc/sysctl.conf
do this later in your own firewall/dialup-script
make use of useful variables, eg: ext_if, int_if, ...
-P DROP absolutely all
set only your needed firewall-rules
will say: ACCEPT/FORWARD/MASQUERADE/... only what you really need
it should be a real *firewall* and no *open_whole_with_a_few_firestones*
at the end of the end of the end of this script if you are sure that *all_security-settings_are_really_done*
then you can go online
and then you can enable ip_forwarding with echo "1"
a worst-case-script could be helpful in some bad situations
a backup-, diff- and restore-possibility could also be helpful
iptables-save >/path/to/your_own_iptables
iptables-restore </path/to/your_own_iptables
this is surely no redhat-included-predefined way
it is a way of your own choice
and redhat gives you the possibility to go your own different ways when you are able to walk
-- shrek-m
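
The ordering described in the post above (policy DROP first, only the needed rules, ip_forwarding switched on as the very last step), as an added example that is not part of the original message. The interface names ppp0/eth0, the FW_RUN dry-run switch and the particular ACCEPT rules are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: default-deny gateway script in the order the post describes.
# ppp0/eth0, FW_RUN and the chosen ACCEPT rules are assumptions, not from the post.
ext_if="${ext_if:-ppp0}"   # external (dial-up) interface, constructed name
int_if="${int_if:-eth0}"   # internal LAN interface, constructed name
FW_RUN="${FW_RUN-echo}"    # dry run by default; run as root with FW_RUN= to apply

ipt() { $FW_RUN iptables "$@"; }

set_forward() {
    # In dry-run mode only show the write; otherwise toggle kernel forwarding.
    if [ -n "$FW_RUN" ]; then
        echo "echo $1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo "$1" > /proc/sys/net/ipv4/ip_forward
    fi
}

build_firewall() {
    set_forward 0                      # never route while the rules are incomplete
    for chain in INPUT FORWARD OUTPUT; do
        ipt -P "$chain" DROP           # "-P DROP absolutely all"
    done
    ipt -F                             # drop leftover rules (e.g. from lokkit)
    ipt -t nat -F

    # Only what is really needed: loopback and replies to our own traffic.
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # LAN may open connections outward; the outside may only answer them.
    ipt -A FORWARD -i "$int_if" -o "$ext_if" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$ext_if" -o "$int_if" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE

    set_forward 1                      # last step, once every rule is in place
}

build_firewall
```

Run as-is it only prints the commands for review; once applied as root, `iptables-save` gives the backup copy mentioned in the post.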