On Tue, 2007-07-03 at 21:24 +1000, Amos Shapira wrote:
> On 03/07/07, Nadav Har'El <[EMAIL PROTECTED]> wrote:
> The approach I like better is to edit /etc/sysconfig/iptables
>
> Are you serious? You recommend people to edit a file with a syntax
> like:
>
> # Generated by iptables-save v1.2.7a on Wed May 30 17:25:39 2007
> *filter
> :INPUT ACCEPT [75395166:5137157842]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [65942397:7216862317]
> :block - [0:0]
> [1116355:68298646] -A INPUT -j block
> ...
> COMMIT
>
> over scripting a list of "iptables -A" commands which can be repeated
> and made idempotent?

Except the chain counters, the Fedora iptables save file looks like
iptables commands:

*filter
:INPUT ACCEPT [50698034:41537099923]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51677384:30197019451]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
..

It is not far-fetched to edit them (especially if you don't mind that
counter information is lost).

--
Oded
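The equivalence discussed in this message, as an added example that is not part of the original post: a Python sketch that reads an iptables-save dump, drops the [packets:bytes] counters, and emits the matching iptables command lines. The sample dump is constructed from the excerpts quoted above, and save_to_commands is a hypothetical helper name.

```python
import re
import shlex

# Constructed sample in iptables-save format, modelled on the dumps quoted above.
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [75395166:5137157842]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [65942397:7216862317]
:block - [0:0]
[1116355:68298646] -A INPUT -j block
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

COUNTER = re.compile(r"^\[\d+:\d+\]\s*")  # per-rule [packets:bytes] prefix
CHAIN = re.compile(r"^:(\S+)\s+(\S+)(?:\s+\[\d+:\d+\])?$")  # :NAME POLICY [counters]

def save_to_commands(text):
    """Translate an iptables-save dump into iptables argv lists, dropping counters."""
    table, committed, cmds = None, True, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rules
        if line.startswith("*"):
            table, committed = line[1:], False  # "*filter" opens a table block
        elif line == "COMMIT":
            committed = True
        elif table is None or committed:
            raise ValueError(f"line {n}: entry outside a *table ... COMMIT block")
        elif (m := CHAIN.match(line)):
            name, policy = m.groups()
            # "-" marks a user-defined chain (no policy); built-in chains carry one.
            chain = ["-N", name] if policy == "-" else ["-P", name, policy]
            cmds.append(["iptables", "-t", table] + chain)
        else:
            rule = COUNTER.sub("", line)  # counters are the only non-command part
            if not rule.startswith("-"):
                raise ValueError(f"line {n}: unrecognised entry {line!r}")
            cmds.append(["iptables", "-t", table] + shlex.split(rule))
    if not committed:
        raise ValueError("table block is missing its COMMIT line")
    return cmds

if __name__ == "__main__":
    for argv in save_to_commands(SAMPLE):
        print(shlex.join(argv))
```

The script only prints the commands; running them one at a time is not atomic, whereas iptables-restore commits each table in one step at COMMIT.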
