If losing the rules is the issue, why not dump the rules to a file?

    iptables-save > iptables.save

And if you need to restore them:

    iptables-restore < iptables.save
    service iptables save
    service iptables restart

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dmitry Makovey
Sent: Tuesday, March 08, 2011 3:51 PM
To: [email protected]
Subject: Proper management of iptables?

Hi everybody,

For quite a while inside of our organization we've been editing /etc/sysconfig/iptables directly without many issues. However, it was suggested to us that by doing so we risk losing all those rules whenever some package decides to use lokkit or "system-config-firewall*".

Several different sources suggested that modifying iptables on the fly (via CLI) and then saving rules via

    $ service iptables save

is a proper technique. Doing a bit of analysis, I can't really find any trace of code that would prevent us from maintaining iptables just the way we were (as long as *we* don't use lokkit or system-config-firewall*), since "service iptables save" is a valid technique and uses the iptables-save script, which is part of the iptables package and *not* part of system-config-firewall*.

So we've got some evidence that may confirm our usage as valid; however, it would be nice to know if indeed this is *not* a recommended way of maintaining iptables and we should reconsider how we approach it.

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245

--
redhat-sysadmin-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
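The worry in the thread is that some tool rewrites /etc/sysconfig/iptables behind the administrator's back. Whichever way the rules are maintained, the practical check is to compare the saved copy against a live `iptables-save` dump and report what went missing. The script below is an added example, not code from either message; it assumes only the iptables-save text format (`*table`, `:CHAIN POLICY [pkts:bytes]`, `-A` rules, `COMMIT`, and the `# Generated by` / `# Completed on` comments). The three dumps inside it are constructed samples. One caveat it handles: the comment lines carry a timestamp and the chain lines carry counters, so a naive `diff` reports drift even when no rule changed.

```shell
#!/bin/sh
# Added example, not from the thread: compare the ruleset saved in
# /etc/sysconfig/iptables with a live `iptables-save` dump and report
# what went missing. Only the iptables-save text format is assumed:
#   *table / :CHAIN POLICY [pkts:bytes] / -A ... rules / COMMIT
#   plus the "# Generated by" and "# Completed on" comment lines.

# Normalise a dump read on stdin. The comment lines carry a timestamp and
# the chain lines carry packet/byte counters, so two dumps of an identical
# ruleset never compare equal byte-for-byte; strip the comments and zero
# the counters before comparing.
normalize_dump() {
    sed -e '/^#/d' -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/'
}

# Succeed (exit 0) when two dumps, passed as strings, describe the same
# tables, chain policies and rules.
same_ruleset() {
    [ "$(printf '%s\n' "$1" | normalize_dump)" = \
      "$(printf '%s\n' "$2" | normalize_dump)" ]
}

# Print every normalised line of the saved dump ($1) that does not appear
# in the live dump ($2): lost rules and flipped chain policies.
lost_entries() {
    live_tmp=$(mktemp)
    printf '%s\n' "$2" | normalize_dump > "$live_tmp"
    printf '%s\n' "$1" | normalize_dump | grep -v -x -F -f "$live_tmp" || true
    rm -f "$live_tmp"
}

# Constructed sample: what `service iptables save` wrote to /etc/sysconfig/iptables.
SAVED_RULES='# Generated by iptables-save v1.4.7 on Tue Mar  8 15:51:00 2011
*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4321:98765]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Tue Mar  8 15:51:00 2011'

# Constructed sample: a later live dump; only counters and timestamps moved.
LIVE_SAME='# Generated by iptables-save v1.4.7 on Wed Mar  9 09:00:00 2011
*filter
:INPUT DROP [98765:43210000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [55555:6666666]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Wed Mar  9 09:00:00 2011'

# Constructed sample: a live dump after a firewall tool rewrote the ruleset;
# the INPUT policy is now ACCEPT and the 443 rule is gone.
LIVE_REWRITTEN='# Generated by iptables-save v1.4.7 on Wed Mar  9 09:05:00 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Wed Mar  9 09:05:00 2011'

# Demo on the constructed samples. On a real host you would pass
# "$(cat /etc/sysconfig/iptables)" and "$(iptables-save)" instead.
if same_ruleset "$SAVED_RULES" "$LIVE_SAME"; then
    echo "live ruleset matches the saved copy (counter changes ignored)"
fi
if ! same_ruleset "$SAVED_RULES" "$LIVE_REWRITTEN"; then
    echo "drift detected; saved entries missing from the live ruleset:"
    lost_entries "$SAVED_RULES" "$LIVE_REWRITTEN"
fi
```

Run from cron with the live dump substituted in, this turns "did something rewrite our rules?" from a guess into a report: an unchanged ruleset prints nothing for `lost_entries`, while a rewrite shows exactly which chain policies and `-A` lines disappeared, which is also what you want in hand before running `iptables-restore` from the saved copy.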
