iptables has amnesia :-)

Don Russell fedora at drussell.dnsalias.com
Mon Aug 20 23:12:16 UTC 2007


Mikkel L. Ellertson wrote:
> Don Russell wrote:
>   
>> Mikkel L. Ellertson wrote:
>>     
>>> If you are talking about the rules not surviving a reboot, try
>>> running "service iptables save" and/or "service ip6tables save". If
>>> you want the changes saved automatically, edit
>>> /etc/sysconfig/iptables.conf and change
>>> IPTABLES_SAVE_ON_RESTART="no" to  IPTABLES_SAVE_ON_STOP="yes". Do
>>> the same for /etc/sysconfig/ip6tables.conf.
>>>
>>> Mikkel
>>>   
>>>       
> I must have deleted a section of my message somehow before I sent it
> - there should be advice about changing 2 variables, but there is
> the default state of one, and the needed state of the other...
>   
>> ah... that's good to know... BUT.... in neither case have I restarted
>> the system....
>>
>> I'll have a look at that config file though and see if there are any
>> clues. :-)
>>
>> Maybe what I need to do (as you suggest) is "service iptables save"
>> after adding the rules and verifying they work correctly.
>>
>> (I looked at the webmin method specifically for some form of "save these
>> rules", but there is only "apply these rules", which I did need to do)
>>
>>     
> Please post back what you find, as this seems to be a strange one -
> the rules should not vanish on a normally running system.  Are you
> logging out and logging back in at the console, or bringing down an
> interface, and bringing it back up between setting the rules, and
> then vanishing?
>
> Mikkel
>   

IPTABLES_SAVE_ON_RESTART and IPTABLES_SAVE_ON_STOP are both set to the 
default value of "no".

So, I guess my question becomes, when does the firewall stop or restart?

I log on to a non-root user via ssh, then "su -"/"exit" to make the 
iptables changes.... I have not restarted the whole machine, nor have I 
restarted the iptables service.... does it restart periodically for some 
reason? I haven't added anything to cron etc to make that happen...

I'm not restarting the interface....

I don't see what I could have done that caused the firewall to 
stop/restart....
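
The persistence question discussed in this thread can be checked mechanically. The script below is an added example, not part of the original post: it compares a live rules dump (as produced by `iptables-save`) with the saved rules file and reads the two `IPTABLES_SAVE_ON_*` settings to say whether unsaved rules would be lost at the next service stop or restart. The function names, file arguments and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are passed in by the caller.

# conf_value FILE KEY: value of KEY="..." in a sysconfig-style file, default "no"
conf_value() {
    v=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-no}"
}

# normalise FILE: iptables-save text minus comments and packet/byte counters
normalise() {
    grep -v '^#' "$1" | sed 's/ \[[0-9]*:[0-9]*\]$//' | LC_ALL=C sort
}

# unsaved_rules RUNNING SAVED: lines in the live dump that are not on disk
unsaved_rules() {
    t=$(mktemp -d) || return 1
    normalise "$1" > "$t/run"; normalise "$2" > "$t/sav"
    LC_ALL=C comm -23 "$t/run" "$t/sav"
    rm -rf "$t"
}

# verdict CONF RUNNING SAVED: prints in-sync, auto-save or at-risk
verdict() {
    [ -z "$(unsaved_rules "$2" "$3")" ] && { echo in-sync; return; }
    if [ "$(conf_value "$1" IPTABLES_SAVE_ON_STOP)" = yes ] ||
       [ "$(conf_value "$1" IPTABLES_SAVE_ON_RESTART)" = yes ]; then
        echo auto-save   # the service saves live rules when it stops/restarts
    else
        echo at-risk     # a stop/restart reloads the old saved file
    fi
}

# Constructed sample data: both options "no", one live rule never saved.
demo_dir=$(mktemp -d)
printf '%s\n' 'IPTABLES_SAVE_ON_STOP="no"' 'IPTABLES_SAVE_ON_RESTART="no"' > "$demo_dir/conf"
printf '%s\n' '# saved' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$demo_dir/saved"
printf '%s\n' '# live' '*filter' ':INPUT DROP [41:2788]' \
    '-A INPUT -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp --dport 443 -j ACCEPT' 'COMMIT' > "$demo_dir/running"

unsaved_rules "$demo_dir/running" "$demo_dir/saved"
verdict "$demo_dir/conf" "$demo_dir/running" "$demo_dir/saved"
```

On a real host the live dump would come from `iptables-save > running` run as root; an `at-risk` verdict means `service iptables save` has not been run since the rules were added.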




