Re: Where is the IPTABLES rule set?

On Thu, 2005-12-01 at 14:27 -0800, Kenneth Porter wrote:
> I do back up my sysconfig file before messing with the firewall, but I
> often edit it once I've backed it up. The format isn't too tough to
> decipher.  Each line has the stuff after "iptables -t majortable -A
> minortablename".  The major and minor tables are in groups. The
> counters for each rule can optionally appear at the beginning of the
> line in brackets.
> 
> The big win in using the save file over individual rule invocations is
> that it gets loaded into the kernel in one gulp, with only one locking
> of the kernel structure. This makes it much faster when you have a lot
> of rules.  Some iptables helper programs can generate 100's of rules,
> so this makes your firewall loading much less painful.

When I first messed with iptables, there wasn't an interface.  So I
ended up writing a script file with my rules in it (as you'd type them
into the CLI), giving me an easy way to modify things (keeping some
things the same, changing others), and an easy way to re-implement the
same set of rules later on.  The last line of the script saved the rules
to the standard place, so they were implemented at bootup, just the same
as you've described above.  It worked well for me.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
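
The save-file format described in the quoted message, as an added example that is not part of the original posts: a small Python parser that expands iptables-save text back into the one-command-per-rule form a hand-written script would contain. It goes slightly beyond the description by also handling the `*table`, `:CHAIN POLICY` and `COMMIT` lines of the format; the function name `expand` and the sample ruleset are constructed for illustration.

```python
import re
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [12:840]
[5:300] -A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:120] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

COUNTERS = re.compile(r"^\[(\d+):(\d+)\]\s*")

def expand(save_text):
    """Turn iptables-save text into the equivalent one-rule-per-command list."""
    commands, table = [], None
    for lineno, raw in enumerate(save_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*filter" opens a table section
            table = line[1:]
        elif line == "COMMIT":              # closes the section
            table = None
        elif table is None:
            raise ValueError(f"line {lineno}: rule outside a table section")
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            if policy == "-":               # user-defined chain, no policy
                commands.append(["iptables", "-t", table, "-N", chain])
            else:
                commands.append(["iptables", "-t", table, "-P", chain, policy])
        else:
            rule = COUNTERS.sub("", line)   # optional leading counters
            if not rule.startswith("-A "):
                raise ValueError(f"line {lineno}: unexpected {line!r}")
            commands.append(["iptables", "-t", table] + shlex.split(rule))
    return commands

if __name__ == "__main__":
    for cmd in expand(SAMPLE):
        print(shlex.join(cmd))
```

Run against a saved ruleset, this makes it easy to review or diff a save file as plain commands before it is loaded at boot.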

