The best place I have found to place such a script is immediately after bringing 
up the interface. Especially on interfaces that get their IP address changed by 
the ISP.

Red Hat looks for (in /etc/sysconfig/network-scripts/ifup) and executes if found, 
/sbin/ifup-local. Define it and put into it a reference to the script that 
builds your rules. If you face the DHCP problem, pass the interface name to the 
script as an argument and parse the IP address from an invocation of 
/sbin/ifconfig.

If your interface IP is non-changing, run the script, then execute 
/etc/rc.d/init.d/iptables save

You will get those same rules back every time your system does an 
/etc/rc.d/init.d/iptables start

One note: an iptables start only invokes the actual iptables rules. Other 
commands commonly embedded in such "define scripts", such as, echo 1 > 
/proc/../../etc/etc, don't get issued.

-- 
----------------------------------
Bob Hillegas
[EMAIL PROTECTED]

On Thu, 4 Jul 2002 [EMAIL PROTECTED] wrote:

  > 
  > From: [EMAIL PROTECTED]
  > To: [EMAIL PROTECTED]
  > Subject: Placement of Iptable Scripts
  > Date: Thu, 4 Jul 2002 21:57:16 -0500
  > 
  > I'm relatively new to iptables and have the following question.
  > 
  > where is the best place to place my iptable bash script so that it loads my
  > iptable chains and rules when my server reboots?
  > 
  > Thanks!
  > 
  > Mark
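
A sketch of the /sbin/ifup-local hook described in the reply above, added here as an example and not part of the original message. It assumes a rule-building script at the hypothetical path /etc/firewall/build-rules.sh that accepts the interface name and its address as arguments, and an external interface named eth0; the ifconfig lines used to check the parser are constructed samples.

```shell
#!/bin/sh
# /sbin/ifup-local (added example). Red Hat's ifup runs it with the
# interface name as $1 once the interface is up.
# Assumptions: RULES_SCRIPT path and WAN_IF name are hypothetical.
RULES_SCRIPT="${RULES_SCRIPT:-/etc/firewall/build-rules.sh}"
WAN_IF="${WAN_IF:-eth0}"

# Read ifconfig output on stdin and print the first IPv4 address.
# Accepts both the older "inet addr:A.B.C.D" and the newer "inet A.B.C.D"
# layouts; inet6 lines do not match.
parse_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' |
        head -n 1
}

# Succeed only for a well-formed dotted quad, so an empty or mangled
# value never reaches a script that runs as root.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Act only on the external interface; other interfaces are left alone.
if [ "${1:-}" = "$WAN_IF" ]; then
    addr=$(/sbin/ifconfig "$1" | parse_ipv4)
    if is_ipv4 "$addr"; then
        # Rebuild the rules against the address the ISP just assigned.
        "$RULES_SCRIPT" "$1" "$addr"
    else
        logger -t ifup-local "no usable IPv4 address on $1; rules not rebuilt"
        exit 1
    fi
fi
```

When no valid address is found the hook logs and exits non-zero without touching the loaded rules, so a failed DHCP lease does not leave a half-built rule set.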

