According to the RHCE course I took last October, here is a clarification on the ipchains and iptables daemons located /etc/rc.d/init.d
both scripts initially deal with the Red Hat Firewall Configuration Toolkit, which is located at /usr/sbin/lokkit. lokkit is first called during installation, as it's the screen where it asks what level of firewall you want. As far as lokkit is concerned (and this is definitely a redhat-ism), the ipchains and iptables daemons both do the same thing, which is to load the firewall options you chose at bootup. Starting with RH 7.3 and beyond, the iptables daemon (is it even really a daemon? dunno know how else to aptly describe it) is used by default by lokkit. Even though RH 7.1 and 7.2 both include support for iptables, lokkit will employ ipchains by default instead. Don't ask me why, the RedHat instructor didn't know either. Here's where it gets kind of interesting. If you have an iptables script like MonMotha's firewall, you can run his script to get your firewall up and running, tweak it, and once you're satisfied with it, you can issue this: /sbin/service iptables save /sbin/chkconfig iptables on The first command sequence will load the current iptables config into memory. Not really actually, they just get loaded into /etc/sysconfig/iptables, which is another redhat-ism config file. The second command sequence will call the iptables daemon to start on boot. It turns out to be a roundabout way to have MonMotha's firewall to play nice in /etc/rc.d/init.d :-) hope that helps, Ho'ala Chris Stark said: >> ipchains iptables firewall stuff, one or other on. Actually my >> system has both on, a problem? > > You probably don't need both. IP Tables is the newer of the two (and > probably the one you should go with).
