Re: iptables has amnesia :-)


 



James Kosin wrote:
Don Russell wrote:
Mikkel L. Ellertson wrote:
Don Russell wrote:

Twice now, I've applied new rules using iptables -I... to
accept specific traffic, and each time those rules
"disappeared" a little while later...

I don't see anything in "man iptables" like "... and don't you
forget it!" (Of course maybe I missed it...)

This is FC7.... using the cli iptables commands from root.... I
also used webmin with the same effect.

Why are the new rules not remembered?

Thanks


If you are talking about the rules not surviving a reboot, try
running "service iptables save" and/or "service ip6tables save".
If you want the changes saved automatically, edit
/etc/sysconfig/iptables.conf and change
IPTABLES_SAVE_ON_RESTART="no" to IPTABLES_SAVE_ON_STOP="yes". Do
the same for /etc/sysconfig/ip6tables.conf.

Mikkel

ah... that's good to know... BUT.... in neither case have I
restarted the system....

I'll have a look at that config file though and see if there are
any clues. :-)

Maybe what I need to do (as you suggest) is "service iptables save"
after adding the rules and verifying they work correctly.

(I looked at the webmin method specifically for some form of "save
these rules", but there is only "apply these rules", which I did
need to do)



Are you using DHCP on any of your interfaces?

The FC7 box has one interface, yes, it uses DHCP to get an address from my (Cisco) router.... it always gets the same IP address because I have a specific "dhcp pool" defined in Cisco IOS for that one MAC address.
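
Added example, not part of the original thread: one way to see which rules exist only in the running ruleset (and so vanish whenever the saved file is reloaded) is to compare an `iptables-save` dump with the saved rules file. The function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Compare a saved rules file with a dump of the running ruleset.
# Typical use on Fedora (as root; /etc/sysconfig/iptables is where
# "service iptables save" usually writes):
#   iptables-save > /tmp/live && rules_drift /etc/sysconfig/iptables /tmp/live

# Reduce a dump to "table: rule" lines. Comment lines, chain policies and
# [packets:bytes] counters differ between dumps of the same ruleset, so drop them.
# Sorting ignores rule order; this reports missing rules, not reordering.
normalize() {
    awk '/^\*/ { table = substr($0, 2) }
         { sub(/^\[[0-9]+:[0-9]+\] /, "") }
         /^-A / { print table ": " $0 }' "$1" | LC_ALL=C sort
}

# rules_drift SAVED LIVE: print rules present on only one side.
rules_drift() {
    s=$(mktemp); l=$(mktemp)
    normalize "$1" > "$s"; normalize "$2" > "$l"
    LC_ALL=C comm -13 "$s" "$l" | sed 's/^/unsaved: /'
    LC_ALL=C comm -23 "$s" "$l" | sed 's/^/not-loaded: /'
    rm -f "$s" "$l"
}

# Constructed sample: the live ruleset has one rule inserted with -I
# (port 8080) that was never written to the saved file.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/live" <<'EOF'
*filter
:INPUT ACCEPT [10:840]
[5:300] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[90:7000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:120] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    rules_drift "$dir/saved" "$dir/live"
    rm -rf "$dir"
}
demo
```

Any `unsaved:` line is a rule that a reload of the saved file would discard.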



