Do you use an iptables script or just edit iptables?

JD50

Lifer
Just curious to see what most people do. I've seen a few people use an iptables shell script but I've always just edited /etc/sysconfig/iptables. What do you guys do? I'm talking about in a production or lab environment with multiple servers, not your home desktop box.
 
The only reason I can see for using a custom script instead of using the infrastructure provided by the OS is that you downloaded the script from the Internet and don't actually know how it works.

And I'm pretty sure that iptables-save/iptables-restore are faster than calling the iptables command over and over again in a script so it makes sense from both performance and standardization viewpoints to use the system scripts and files.
 
I'm glad I came across this post. I had first started modifying the iptables file directly, then found a few sites saying that this was real bad juju. I'd take the opinions of AT Linux gurus over random google sites any day of the week 😉
 
It's not bad juju. That's how I've always done it because that's the way I learned, and that was from a Red Hat class. Some people might not like directly editing the file because if you make a mistake and somehow lock yourself out (if you're connecting remotely) then you're screwed, because the iptables file obviously persists across reboot.
 
Yea, but the chances of doing that with a custom script are about the same because eventually you'll set that script to run on boot.
 
If you use either method correctly then what is the difference?

The only way I could see there being a problem is if Red Hat's GUI firewall tool doesn't deal with manual edits well. If such a tool exists, I haven't touched RHEL or CentOS in a while.
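
The lock-out risk raised in the thread applies to both the edited file and a boot-time script, so here is one way to guard against it, as an added example that is not from any poster: validate a candidate rules file with `iptables-restore --test`, snapshot the live rules with `iptables-save`, load the candidate, and roll back unless someone confirms access in time. The names `safe_apply`, `IPT_SAVE`, `IPT_RESTORE` and the confirm-file path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Command names are variables so the
# logic can be exercised with stand-ins on a machine without root or iptables.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# safe_apply RULES_FILE [TIMEOUT_SECONDS] [CONFIRM_FILE]
# Returns: 0 applied and confirmed, 1 candidate failed the parse check,
#          2 could not snapshot or load, 3 not confirmed so rolled back.
safe_apply() {
    rules=$1
    timeout=${2:-60}
    confirm=${3:-/run/iptables-confirm}   # assumed path; keep it root-only
    backup=$(mktemp) || return 2

    # 1. Parse the candidate without committing it to the kernel.
    if ! $IPT_RESTORE --test < "$rules"; then
        rm -f "$backup"; return 1
    fi
    # 2. Snapshot the running ruleset so there is something to go back to.
    if ! $IPT_SAVE > "$backup"; then
        rm -f "$backup"; return 2
    fi
    # 3. Load the candidate in a single restore instead of rule-by-rule calls.
    if ! $IPT_RESTORE < "$rules"; then
        $IPT_RESTORE < "$backup"; rm -f "$backup"; return 2
    fi
    # 4. Wait for proof of access: from a NEW login, run: touch "$confirm"
    rm -f "$confirm"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm" "$backup"; return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # 5. Nobody confirmed: assume a lock-out and put the old rules back.
    $IPT_RESTORE < "$backup"
    rm -f "$backup"
    return 3
}

# Usage as root (candidate path is hypothetical):
#   safe_apply /root/iptables.new 60 && cp /root/iptables.new /etc/sysconfig/iptables
```

Run it under `nohup` or inside `tmux`/`screen` so the rollback still fires if the session that started it is cut off.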
 