On Fri, 11 Jun 2004 19:17:13 -0700
"jdow" <jdow@xxxxxxxxxxxxx> wrote:

> From: "Craig White" <craigwhite@xxxxxxxxxxx>
>
> > On Fri, 2004-06-11 at 16:24, Nina Pham wrote:
> > > Hi, I change the rules in the iptables, what do I need to do to make
> > > sure that it will be in effect next time I boot the system.
> > ---
> > service iptables save
>
> Have "they" solved the dynamic IP address issue with the usual approach
> of "service iptables save" which simply presumes you have the same IP
> address upon reboot? I ended up rolling my own firewall to get around
> the issue.

It's not the "service iptables save" that presumes you have the same IP,
rather the rules that you choose to use. There aren't too many situations
where you actually need to reference your IP address directly, except maybe
if you have multiple IPs bound to an interface.

For instance, connection sharing the internet with your local hosts you
should use the MASQUERADE target instead of SNAT and the current IP addy of
the outgoing interface will automatically be used:

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

So no rule changes are needed just because your IP changes. Similarly, you
can code most rules by interface (e.g. eth0) rather than by IP address.

Once you have your rules coded without reference to current IP address
you're all set. From a quick check of system-config-securitylevel it
doesn't seem to reference the current IP address when creating rules so
there shouldn't be a problem creating your rules that way.

Regards,
Sean
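
An added example, not part of the message above: a check that reads a saved ruleset and lists the rules that name one literal address, which are the rules that stop matching when a dynamic address changes. The function name find_pinned_rules, both sample rulesets and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in iptables-save format. 203.0.113.10 is a documentation
# address chosen for this example; it does not come from the thread.
sample_pinned() {
cat <<'EOF'
*nat
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Same policy written by interface, with MASQUERADE instead of SNAT.
sample_portable() {
cat <<'EOF'
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# find_pinned_rules ADDR (hypothetical helper): read a saved ruleset on stdin
# and print every rule that names ADDR literally as a match or NAT target.
find_pinned_rules() {
    awk -v ip="$1" '
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i == "-s" || $i == "-d" ||
                    $i == "--to-source" || $i == "--to-destination") {
                    v = $(i + 1)
                    sub("[/:-].*$", "", v)   # drop mask, port or range suffix
                    if (v == ip) { print; next }
                }
            }
        }'
}

echo "pinned:";   sample_pinned   | find_pinned_rules 203.0.113.10
echo "portable:"; sample_portable | find_pinned_rules 203.0.113.10
```

On a Red Hat or Fedora host the same function can read the file that "service iptables save" writes, assuming the default location /etc/sysconfig/iptables and the interface's current address as the argument.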