-----Robert wrote ----
From: Robert <[EMAIL PROTECTED]>
To: NetFilter Users <[EMAIL PROTECTED]>
Subject: Proper place to load your iptable script
Date: Mon, 13 May 2002 19:53:51 -0400

Hello,

Can someone tell me the correct init script in which I can load my iptables script? I tried /etc/rc.d/rc.local, but I'm not sure that is the best location.

Thanks,
Robert

------ Reply -----

If you have a static IP address for the host,

1) load your rules by hand,
2) /etc/rc.d/init.d/iptables save (This creates a copy of current rules in memory in /etc/sysconfig/)
3) make sure chkconfig --list says that iptables is on, and if not, chkconfig iptables on

Now when you boot it will automatically (i.e. /etc/rc.d/init.d/iptables start) load the file you saved in step 2).

OTOH, if you have an interface that gets a dynamic IP, create a script called /sbin/ifup-local and another called ifdown-local. (I'm making the assumption you're running RedHat or a compatible dist.) These are tested for and executed on the way up and down. By the time ifup-local executes you can /sbin/ifconfig and slice and dice the output to get the IP address, then pass it as an argument to your iptables script.

I can post you examples of the latter if needed.

--
-------------------------------------------------
Bob Hillegas <[EMAIL PROTECTED]>
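
The dynamic-IP approach described in the reply, as an added example that is not part of the original thread or Bob Hillegas's own scripts. It assumes the ifup scripts pass the interface name as `$1`; `WAN_IF` and `FIREWALL_SCRIPT` are hypothetical names for the external interface and the iptables script. The address is validated before it is handed to the rules script, so a parsing failure never turns into a malformed rule.

```shell
#!/bin/sh
# /sbin/ifup-local for the dynamic-IP case (added example, not from the thread).
# Assumptions: the ifup scripts pass the interface name as $1; WAN_IF and
# FIREWALL_SCRIPT are hypothetical names for your interface and rules script.
WAN_IF=eth0
FIREWALL_SCRIPT=/usr/local/sbin/firewall.sh

# Print the first IPv4 address found in ifconfig output read from stdin.
# Accepts "inet addr:192.0.2.10" (older net-tools) and "inet 192.0.2.10";
# "inet6" lines do not match because a space must follow "inet".
extract_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' | head -n 1
}

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

main() {
    # Only act when the external interface comes up.
    [ "${1:-}" = "$WAN_IF" ] || return 0
    ip=$(/sbin/ifconfig "$1" | extract_ipv4)
    if valid_ipv4 "$ip"; then
        "$FIREWALL_SCRIPT" "$ip"   # rules script receives the address as $1
    else
        logger -t ifup-local "no usable IPv4 address on $1; rules not reloaded"
        return 1
    fi
}

main "$@"
```
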