iptables

Ben Scott dragonhawk at gmail.com
Mon Sep 22 16:26:51 EDT 2008


On Mon, Sep 22, 2008 at 3:56 PM, Labitt, Bruce
<labittb1 at tycoelectronics.com> wrote:
> If I already have an iptables file, how do I go about editing it?

  Well, if I remember correctly, the Red Hat scripts save the
information in a file </etc/sysconfig/iptables>, which has fairly
self-explanatory syntax.  You can reload any changes to the file using
the <service iptables reload> command.

  Another approach is to manipulate the active ruleset in the running
system.  Make your changes, test them, debug them, and then (if happy)
save the result.  That's what that series of commands I posted will
do: First delete everything, then create some rules, then save.  The
<service iptables save> command takes the current ruleset and writes
it to the </etc/sysconfig/iptables> file.

  If you want to preserve existing chains, simply omit the -F and -X
commands I started out with.  They delete all existing rules from all
chains, and then delete all user-defined chains, respectively.

  For complicated firewalls, I usually write my own, custom scripts,
and disable the Red Hat <iptables> service entirely.  But I don't
think your scenario is complicated.  :)

-- Ben
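As an added example (not part of Ben's message), here is what a minimal ruleset in the </etc/sysconfig/iptables> file format looks like, written by a small shell script to a path you choose so you can review it before <service iptables reload> applies it. The policy (default DROP on INPUT, only loopback, replies, ICMP and SSH on tcp/22 allowed) is an assumption for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Writes a minimal ruleset in
# iptables-save format (the syntax used by /etc/sysconfig/iptables) and offers
# two quick checks on the file before it is loaded with `service iptables reload`.
# Assumption: SSH on tcp/22 is the only inbound service this host offers.

write_ruleset() {
    out="$1"
    cat > "$out" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "IPT-DROP: " --log-level 4
COMMIT
EOF
}

# Number of rules appended to the INPUT chain (lines beginning "-A INPUT").
count_input_rules() {
    grep -c '^-A INPUT' "$1"
}

# Succeeds (exit 0) only if the INPUT chain's default policy is DROP, i.e.
# anything not explicitly accepted above is refused.
input_policy_is_drop() {
    grep -q '^:INPUT DROP' "$1"
}

# Parse-only check of the file with iptables-restore, without touching the
# live ruleset; skipped when the tool is not installed (e.g. on a workstation).
check_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$1"
    else
        echo "iptables-restore not found; skipping syntax test" >&2
    fi
}
```

Once the file passes review, <service iptables reload> loads it; the converse direction, editing the live rules and then running <service iptables save>, rewrites this same file from the running ruleset.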


More information about the gnhlug-discuss mailing list