custom firewall configuration

Mike Burger mburger at bubbanfriends.org
Sat Dec 31 19:58:54 UTC 2005


On Fri, December 30, 2005 9:16 am, A.Fadyushin at it-centre.ru wrote:
> Usually it is better to edit the /etc/sysconfig/iptables manually rather
> than add rules one by one via iptables command. For example, it is much
> easier to reorder rules via editing of the file. Of course, you should
> restart the iptables service after each edit. When you are satisfied
> with the results, issue the command 'service iptables save' - the file
> /etc/sysconfig/iptables will be rewritten with the addition of
> statistics information used by 'service iptables restore'.

Actually, I used to do this, too...what I've found, instead, is that it's
better to maintain an iptables script, into/from which you can add/remove
rules.  Then, you can run that script, make sure that the rules are doing
what you want, then run "service iptables save" to save them as the
default, or "service iptables restore" to bring your firewall back to the
state it was previously in.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:

site-update-request at bubbanfriends.org

with a message of:

subscribe
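
An added example, not part of the original message: a minimal rules script of the kind the reply describes. The file name firewall.sh, the APPLY switch and the TCP ports 22 and 80 are assumptions; by default it only prints the iptables commands, so the rule order can be reviewed before anything is applied.

```shell
#!/bin/sh
# firewall.sh - hypothetical rules script (constructed example).
# Dry run by default: prints each iptables command instead of running it.
# Run as root with APPLY=1 to load the rules into the kernel.

# Sample service ports (assumption); edit this list to add or remove rules.
TCP_PORTS="${TCP_PORTS:-22 80}"

# Wrapper: execute iptables when APPLY=1, otherwise just show the command.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    # Fail closed first, then clear old rules so every run starts clean.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -X

    # Order matters: loopback and already-established traffic come first.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # One rule per allowed service port, in the order listed above.
    for port in $TCP_PORTS; do
        ipt -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

build_rules
```

Once a run with APPLY=1 has been checked (for example with "iptables -L -n -v"), "service iptables save" stores the result as the default, as described in the message.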



