Re: Iptables not saving...

On Sat, 2006-04-22 at 13:41 -0400, Devon Harding wrote:
> I have a cron.hourly script set up to save my iptables chains.  When I
> reboot, the chain is empty & /etc/sysconfig/iptables contains the
> default settings.
> 
> Here is /etc/cron.hourly/iptables.cron:
> 
> #!/bin/sh 
> /etc/init.d/iptables save >/dev/null 2>&1

What about doing an "iptables-save" command, instead?  (See near end of
message.)

I would have thought that what you're doing saves them to the same place
that iptables loads its tables at boot time, but maybe you're getting
some strange race condition.  And related to that, and in regards to
another posting about "/etc/sysconfig/iptables-config", you might want
to look at the same parameters that are inside the
"/etc/sysconfig/iptables-config" file.

My /etc/sysconfig/iptables-config file is the default:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

I have custom rules stored (once) in the default place iptables reads
from at boot time (*), they seem to get read fine.

* Stored by using:  iptables-save > /etc/sysconfig/iptables

Something else that springs to mind:  If you've got SELinux enabled,
perhaps your CRON script needs appropriate SELinux contexts.

I am curious about why you need to keep saving the tables.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
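
Added example, not part of the original message: a variant of the hourly save job built on the "iptables-save > /etc/sysconfig/iptables" approach mentioned above. It leaves errors visible to cron instead of sending them to /dev/null, and only replaces the rules file when the dump succeeded and is non-empty. The function name save_rules, the SAVE_CMD and RULES_FILE variables and the --save argument are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post). save_rules, SAVE_CMD, RULES_FILE
# and --save are hypothetical names; iptables-save and /etc/sysconfig/iptables
# are the command and path named in the message.

SAVE_CMD="${SAVE_CMD:-iptables-save}"
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# save_rules TARGET
# Dump the running ruleset to a temp file beside TARGET, then rename it over
# TARGET only if the dump command succeeded and produced at least one table.
# On any failure the existing TARGET is left untouched and 1 is returned.
save_rules() {
    target="$1"
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    # stderr is deliberately not redirected: cron mails it to the job owner.
    if ! $SAVE_CMD > "$tmp"; then
        echo "save_rules: '$SAVE_CMD' failed, keeping existing $target" >&2
        rm -f "$tmp"
        return 1
    fi

    # Every table in an iptables-save dump ends with a COMMIT line, so a dump
    # without one is empty or truncated and must not replace the saved rules.
    if ! grep -q '^COMMIT$' "$tmp"; then
        echo "save_rules: dump has no COMMIT line, keeping existing $target" >&2
        rm -f "$tmp"
        return 1
    fi

    chmod 600 "$tmp"
    # Same directory, so the rename replaces the old file in one step.
    mv -f "$tmp" "$target"
}

# Only act when asked to, so the function can also be sourced and tested.
if [ "${1:-}" = "--save" ]; then
    save_rules "$RULES_FILE"
fi
```

A wrapper in /etc/cron.hourly would call this script with --save; any message it prints then arrives in cron's mail rather than being discarded.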

