On Sat, 2006-04-22 at 13:41 -0400, Devon Harding wrote:
> I have a cron.hourly script set up to save my iptables chains. When I
> reboot, the chain is empty & /etc/sysconfig/iptables contains the
> default settings.
>
> Here is /etc/cron.hourly/iptables.cron:
>
> #!/bin/sh
> /etc/init.d/iptables save >/dev/null 2>&1

What about doing an "iptables-save" command, instead? (See near end of message.) I would have thought that what you're doing saves them to the same place that iptables loads its tables at boot time, but maybe you're getting some strange race condition.

And related to that, and in regards to another posting about "/etc/sysconfig/iptables-config", you might want to look at the same parameters that are inside the "/etc/sysconfig/iptables-config" file.

My /etc/sysconfig/iptables-config file is the default:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

I have custom rules stored (once) in the default place iptables reads from at boot time (*), they seem to get read fine.

* Stored by using: iptables-save > /etc/sysconfig/iptables

Something else that springs to mind: If you've got SELinux enabled, perhaps your CRON script needs appropriate SELinux contexts.

I am curious about why you need to keep saving the tables.

-- 
(Currently running FC4, occasionally trying FC5.)
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
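
An added example, not part of the original message: a way to check whether the running ruleset actually differs from the saved file before deciding it needs re-saving, by comparing two `iptables-save` dumps while ignoring timestamps and counters. The function names are hypothetical and the rulesets are constructed; on a real system the "live" file would come from running `iptables-save > file` as root and the "saved" file would be /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not from the original message. All sample data is constructed.

# Drop what changes on every dump: "# Generated/Completed" comment lines,
# per-rule [packets:bytes] prefixes (iptables-save -c), and policy counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/\[[0-9]*:[0-9]*\]/[0:0]/g' "$1"
}

# Return 0 if two dumps hold the same rules, 1 if they differ, 2 on read error.
rules_match() {
    a=$(normalize_rules "$1") || return 2
    b=$(normalize_rules "$2") || return 2
    [ "$a" = "$b" ]
}

# Write a constructed ruleset to $1 with policy counters $2 and SSH port $3.
sample_dump() {
    cat > "$1" <<EOF
# Generated by iptables-save (constructed sample, counters $2)
*filter
:INPUT DROP [$2]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [$2]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport $3 -j ACCEPT
COMMIT
# Completed (constructed sample)
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_dump "$dir/saved" 0:0 22          # stands in for /etc/sysconfig/iptables
    sample_dump "$dir/live" 1523:98211 22    # stands in for iptables-save output
    rules_match "$dir/saved" "$dir/live" && echo "saved file matches running rules"
    sample_dump "$dir/live" 1523:98211 2222  # a rule changed since the last save
    rules_match "$dir/saved" "$dir/live" || echo "running rules differ from saved file"
    rm -rf "$dir"
}
demo
```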