First you should set the iptables rules to what you desire. Then you should save them with<br><br>iptables-save > /etc/sysconfig/iptables<br><br>and having set the settings I refered to to "yes", the iptables should survive after a reboot.
<br>It works perfectly with my system. I think the problem is that you rebooted/restarted <br>iptables before setting them up, and that's why you don't get any rules now.<br><br>The best way to correct this I guess is through the graphical helper go to
<br>Start->System->Administration->Security Level and Firewall<br><br>and change things to your liking over there. Then you will have secure and functional <br>default iptables that you can tweak around to your liking.
<br><br>Filippos<br><br><br><div><span class="gmail_quote">On 5/18/06, <b class="gmail_sendername">Hongwei Li</b> <<a href="mailto:hongwei@wustl.edu">hongwei@wustl.edu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> You should also change<br>><br>> IPTABLES_SAVE_ON_RESTART="no"<br>><br>> to<br>><br>> IPTABLES_SAVE_ON_RESTART="yes"<br>><br>> as well in /etc/sysconfig/iptables-config. Then make all the desired changes
<br>> you<br>> want in iptables rules and save them (just in case) by<br>><br>> iptables-save > /etc/sysconfig/iptables<br>><br>> Then your rules should survive system reboots.<br>><br>> Filippos
<br>><br>No, it gets even worse -- erased all of my settings and put something like:<br><br># Generated by iptables-save v1.3.5 on Thu May 18 14:04:52 2006<br>*filter<br>:INPUT ACCEPT [0:0]<br>:FORWARD ACCEPT [0:0]<br>
:OUTPUT ACCEPT [0:0]<br>COMMIT<br># Completed on Thu May 18 14:04:52 2006<br># Generated by iptables-save v1.3.5 on Thu May 18 14:04:52 2006<br>*mangle<br>:PREROUTING ACCEPT [5249:508453]<br>:INPUT ACCEPT [5249:508453]<br>
:FORWARD ACCEPT [0:0]<br>:OUTPUT ACCEPT [2607:420915]<br>:POSTROUTING ACCEPT [2608:421173]<br>COMMIT<br># Completed on Thu May 18 14:04:52 2006<br># Generated by iptables-save v1.3.5 on Thu May 18 14:04:52 2006<br>*nat<br>
:PREROUTING ACCEPT [544:96419]<br>:POSTROUTING ACCEPT [119:9123]<br>:OUTPUT ACCEPT [119:9123]<br>COMMIT<br># Completed on Thu May 18 14:04:52 2006<br><br>in the file /etc/sysconfig/iptables and no port (22, 80, etc.) is open after
<br>reboot.<br><br>Hongwei<br><br>--<br>fedora-list mailing list<br><a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a><br>To unsubscribe: <a href="https://www.redhat.com/mailman/listinfo/fedora-list">https://www.redhat.com/mailman/listinfo/fedora-list
</a><br></blockquote></div><br>