Maxwell Smart wrote:
Firewall related question.
If I execute
r...@myconsole# iptables -A INPUT -s 10.10.10.10 -j DROP
Does this amend the existing table? Does it add the entry to the top or
bottom of the file?
CJ
-A is the same as --append which means to add it to the end of the
selected chain (INPUT in this case).
Issuing iptables commands to modify the firewall changes the actively
running table in memory, but nothing else. These changes will not be
persistent, and will be lost when iptables is stopped or the system
reboots. In order to save the change, you need to
# service iptables save
The easiest way to modify iptables settings is to edit the
/etc/sysconfig/iptables file. This is the file that the save command
(above) creates/modifies, and it's also used when starting the iptables
service. After you've made changes there, you can
# service iptables restart
to make your changes effective.
It's a good idea to make a backup copy of this (and any configuration)
file before making any changes to it. I would typically do:
# cd /etc/sysconfig
# cp -p iptables iptables.$(date +%Y%m%d)
# vi iptables
in order to make changes. This way you can easily tell from the file
name when a given configuration backup file was last effective.
--
-Eric 'shubes'