On Sun, 2006-05-07 at 19:48 -0400, Devon Harding wrote:
> >iptables-save outputs current rules to stdin.
> >If you want them to be saved, redirect output not to
> >/dev/null but /etc/sysconfig/iptables .
>
> I forgot to mention that my cron job was already updated to output to
> a regular file, but even this still does not work.  Chains are gone
> after reboot.
>
> [root@mars ~]# cat /etc/cron.hourly/iptables.cron
> #!/bin/sh
> /sbin/iptables-save > /etc/sysconfig/iptables
>
> >
> > Use "service iptables save" to save the current rules for use on the next
> > reboot.
> >
>
> When I do that, after I reboot, I get this:
>
> [root@mars ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>

Try configuring your rules, then run the "service iptables save"
command.  After doing the save compare the running rules with the
contents of /etc/sysconfig/iptables to verify if the data ever gets
saved.  This looks like the data is not getting written and the content
of /etc/sysconfig/iptables still is likely the default.

Post the output of "service iptables status", the output of
"ls -l /etc/sysconfig/iptables" and the contents
of /etc/sysconfig/iptables before and after running the
"service iptables save" command.  That will tell us if the data is ever
getting written.

Note that anything reading or writing /etc/sysconfig/iptables *must* do
so as root.
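
The comparison of running rules against /etc/sysconfig/iptables requested above, as an added example that is not part of the original message. It ignores the timestamps and packet counters that differ between dumps of identical rules; the function names are hypothetical and the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Strip what changes between dumps of identical rules: comment lines
# (timestamps), [packets:bytes] on chain lines, per-rule "-c" counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:.*\) \[[0-9]*:[0-9]*\]$/\1/' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e '/^[[:space:]]*$/d'
}

# rules_match DUMP SAVED: 0 = same rules, 1 = different,
# 2 = a file is unreadable (e.g. not running as root).
rules_match() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    left=$(normalize_rules < "$1")
    right=$(normalize_rules < "$2")
    [ "$left" = "$right" ]
}

# check_live [SAVED]: dump the running rules, compare with the saved file.
check_live() {
    saved=${1:-/etc/sysconfig/iptables}
    dump=$(mktemp) || return 2
    /sbin/iptables-save > "$dump" || { rm -f "$dump"; return 2; }
    status=0
    rules_match "$dump" "$saved" || status=$?
    rm -f "$dump"
    return "$status"
}

# sample STAMP COUNTERS [RULE]: print a constructed iptables-save dump.
sample() {
    echo "# Generated by iptables-save (constructed sample) on $1"
    echo "*filter"
    echo ":INPUT ACCEPT [$2]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [$2]"
    if [ -n "${3:-}" ]; then echo "$3"; fi
    echo "COMMIT"
    echo "# Completed on $1"
}

# Run as root with the argument "live" to check the real system.
if [ "${1:-}" = "live" ]; then
    if check_live; then echo "saved file matches running rules"
    else echo "saved file differs from running rules, or is unreadable"; fi
fi
```

A status of 1 right after "service iptables save" means the running rules never reached the file; a status of 2 points at permissions or a missing file.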