Proper management of iptables?
Dmitry Makovey
dmitry at athabascau.ca
Tue Mar 8 20:51:02 UTC 2011
Hi everybody,

For quite a while inside of our organization we've been editing
/etc/sysconfig/iptables directly without many issues. However, it was suggested
to us that by doing so we risk losing all those rules whenever some package
decides to use lokkit or "system-config-firewall*".

Several different sources suggested that modifying iptables on the fly (via
CLI) and then saving rules via

$ service iptables save

is a proper technique.

Doing a bit of analysis, I can't really find any trace of code that would
prevent us from maintaining iptables just the way we were (as long as *we*
don't use lokkit or system-config-firewall*), since "service iptables save" is
a valid technique and uses the iptables-save script, which is part of the iptables
package and *not* part of system-config-firewall*.

So we've got some evidence that may confirm our usage as valid; however, it
would be nice to know if indeed this is *not* a recommended way of maintaining
iptables and we should reconsider how we approach it.

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
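
One way to check for the overwrite risk raised in the message above, as an added example that is not part of the original post: compare the rules file against a reference copy while ignoring comments and counters, and flag a file that carries a configuration-tool banner. The function names, the sample rules and the banner wording are assumptions made for illustration.

```shell
#!/bin/sh
# Print iptables-save format from stdin without comments, blank lines,
# trailing whitespace or packet/byte counters.
normalize_rules() {
    sed -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*\]$/\1/'
}

# Return 0 if both files hold the same tables, policies and rules;
# otherwise print a unified diff of the normalized forms and return 1.
rules_match() {
    tmp=$(mktemp -d) || return 2
    normalize_rules < "$1" > "$tmp/a"
    normalize_rules < "$2" > "$tmp/b"
    rc=0
    diff -u "$tmp/a" "$tmp/b" || rc=1
    rm -rf "$tmp"
    return "$rc"
}

# Return 0 if the file starts with the banner written by the firewall
# configuration tool (banner wording is an assumption, adjust as needed).
tool_generated() {
    head -n 1 "$1" | grep -q '^# Firewall configuration written by system-config-'
}

# Constructed sample files: reference copy, same rules after a save
# (comments and counters added), and a tool rewrite.
write_samples() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$1/reference"
    printf '%s\n' '# Generated by iptables-save (constructed)' '*filter' \
        ':INPUT DROP [120:9600]' ':OUTPUT ACCEPT [88:7040]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$1/saved"
    printf '%s\n' '# Firewall configuration written by system-config-firewall' \
        '*filter' ':INPUT ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' \
        > "$1/rewritten"
}

# Demo on the constructed samples (on a real host, pass your own files).
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
rules_match "$demo_dir/reference" "$demo_dir/saved" && echo "saved: in sync"
rules_match "$demo_dir/reference" "$demo_dir/rewritten" >/dev/null || echo "rewritten: DRIFT"
tool_generated "$demo_dir/rewritten" && echo "rewritten: tool banner present"
rm -rf "$demo_dir"
```

The comparison is textual, so it is reliable between files written the same way (two hand-maintained copies, or two iptables-save dumps); a hand-edited file can differ from iptables-save output in option order while describing the same rules.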