service iptables save, systemctl, and unhelpful error messages

Genes MailLists lists at sapience.com
Wed Feb 15 19:01:38 UTC 2012


On 02/15/2012 09:45 AM, "Jóhann B. Guðmundsson" wrote:

> Experienced admins don't use service iptables blah anyway ( they use
> iptables commands directly ) so it hardly matters to them. Documentation
> should however be updated for those that actually use service iptables
> blah to point this out, so you should file a DOC bug for it.
> 
>
  Actually, many experienced users directly create and put their rules
file wherever the iptables service reads it from (historically it is
/etc/sysconfig/iptables). Not sure if that has changed - if not, JBG is
essentially right.

 For those still using the iptables command instead, to install the rules in
the kernel one at a time, they can then use the iptables-save command to
create a rules file from the already running firewall.

 But, note that installing rules into the kernel via the iptables command
one rule at a time is 2-3 orders of magnitude slower than creating the
rules file and installing all the rules in one shot.

 Either way, all you need to do is put them where the iptables service
expects to read them from when it's started - I would think - all it does
is invoke iptables-restore on the rules file - or at least that's the way
it used to work :-)

 gene
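A sanity check for a rules file before it is placed where the service reads it, added here as an example that is not part of the thread: it validates iptables-save format in plain awk, so it needs neither root nor an iptables binary, and the sample rules file, chain names and addresses are constructed for the demonstration.

```shell
# Added example (not from the thread): sanity-check an iptables-save style rules
# file before placing it where the iptables service reads it (historically
# /etc/sysconfig/iptables) for iptables-restore to load in one shot. Needs no
# root and no iptables: each *table block must end in COMMIT, and each chain used
# by -A/-I/-D/-R or -j must be declared in that table or be a known target.

validate_rules() {   # reads a rules file on stdin; exit 0 if clean, 1 otherwise
  awk '
  BEGIN { n = split("ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT", t)
          for (i = 1; i <= n; i++) known[t[i]] = 1 }     # extend for other targets
  function need(c) {                                      # chain or target must exist
    key = table SUBSEP c
    if (!(key in chains) && !(c in known)) {
      printf "line %d: chain %s not declared in table %s\n", NR, c, table; bad = 1 } }
  /^#/ || /^[ \t]*$/ { next }                              # comments and blank lines
  /^\*/ { if (table != "") { printf "line %d: table %s missing COMMIT\n", NR, table; bad = 1 }
          table = substr($1, 2); next }
  /^:/  { if (table == "") { printf "line %d: chain outside a table\n", NR; bad = 1; next }
          chains[table SUBSEP substr($1, 2)] = 1; next }
  /^COMMIT$/ { if (table == "") { printf "line %d: COMMIT outside a table\n", NR; bad = 1 }
               table = ""; next }
  /^(\[[0-9]+:[0-9]+\] )?-/ {                             # rule, maybe with -c counters
    if (table == "") { printf "line %d: rule outside a table\n", NR; bad = 1; next }
    for (i = 1; i < NF; i++) if ($i ~ /^-(A|I|D|R|j)$/) need($(i + 1))
    next }
  { printf "line %d: unrecognised line: %s\n", NR, $0; bad = 1 }
  END { if (table != "") { printf "end of file: table %s missing COMMIT\n", table; bad = 1 }
        exit bad + 0 }'
}

sample_rules() {     # constructed sample in iptables-save format, with two deliberate mistakes
  cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:SSH-IN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j SSH-IN
-A SSH-IN -s 192.0.2.0/24 -j ACCEPT
-A SSH-IN -j LOG --log-prefix "ssh-drop: "
-A SSH-IN -j DROP
-A INPUT -j WEB-IN
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

if sample_rules | validate_rules; then echo "rules file clean"; else echo "problems found, do not install"; fi
```

Once the check passes, `iptables-restore < file` loads the whole set in one shot, which is what the service does with the file in its expected location.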
