-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
How do I get ipTables rules to stick?
- Thread starter TechBoyJK
- Start date
mv2devnull
Golden Member
Depends on distro.
Redhat-style is/was that initscripts load rules atomically to kernel's netfilter from /etc/sysconfig/iptables (and similar IPv6 file) during boot. As shown by Jodell88, a command (iptables-save) reads current netfilter rules from kernel to stdout (and initscripts include an incantation: "service iptables save"). Recent Fedora have some daemonic replacement for the iptables tool.
Redhat-style is/was that initscripts load rules atomically to kernel's netfilter from /etc/sysconfig/iptables (and similar IPv6 file) during boot. As shown by Jodell88, a command (iptables-save) reads current netfilter rules from kernel to stdout (and initscripts include an incantation: "service iptables save"). Recent Fedora have some daemonic replacement for the iptables tool.
Red Squirrel
No Lifer
I usually make a script called applyfirewallrules.sh and put it in /data/scripts/ (folders I make). I keep it all consistent on each machine so it's easy to know where stuff is no matter what distro.
I then just put the actual iptable commands in that script. Make sure it does a flush first though.
Did not know about the iptables-save command though, that might actually be a better route. Just be sure /etc is part of your backup job.
I then just put the actual iptable commands in that script. Make sure it does a flush first though.
Did not know about the iptables-save command though, that might actually be a better route. Just be sure /etc is part of your backup job.
KenJackson
Junior Member
I haven't changed my rules since systemctl rudely barged onto the scene, so the last time I save mine I used "service iptables save".
I just went looking for the systemctl equivalent. The equivalents for start and stop are implemented, but not save.
But I found the old init.d script here: /usr/libexec/iptables/iptables.init.
I wonder why the didn't add something like this line:
ExecSave=/usr/libexec/iptables/iptables.init save
to this file:
/usr/lib/systemd/system/iptables.service
If that was done, I think this would work: systemctl save iptables.service
Jodell88
Diamond Member
I think you should look up SystemD on what it does and how it behaves.
KenJackson
Junior Member
Oh, I'm learning it. What secret are you alluding to?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
