On Sun, 2006-05-07 at 19:48 -0400, Devon Harding wrote:
> iptables-save outputs current rules to stdin.
> If you want them to be saved, redirect output not to
> /dev/null but /etc/sysconfig/iptables.

I forgot to mention that my cron job was already updated to output to
a regular file, but even this still does not work. Chains are gone
after reboot.

[root@mars ~]# cat /etc/cron.hourly/iptables.cron
#!/bin/sh
/sbin/iptables-save > /etc/sysconfig/iptables

>
> Use "service iptables save" to save the current rules for use on the next
> reboot.
>
When I do that, after I reboot, I get this:

[root@mars ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Try configuring your rules, then run the "service iptables save"
command.
After doing the save, compare the running rules with the contents
of /etc/sysconfig/iptables to verify if the data ever gets saved.
This looks like the data is not getting written and the content
of /etc/sysconfig/iptables still is likely the default.
Post the output of "service iptables status", the output of "ls
-l /etc/sysconfig/iptables" and the contents of /etc/sysconfig/iptables
before and after running the "service iptables save" command.
That will tell us if the data is ever getting written.
Note that anything reading or writing /etc/sysconfig/iptables *must* do
so as root.
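
The comparison suggested in the reply above, as an added example that is not part of the original thread: a small shell helper that compares a live iptables-save dump with the saved file while ignoring timestamp comments and chain counters. The function names and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a live iptables-save dump with the saved rules file.

# Drop what differs between two dumps of the same ruleset: "# Generated" and
# "# Completed" comments, blank lines, [packets:bytes] on chain policy lines.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/' "$1"
}

# Number of "-A" rule lines; 0 means the file holds only empty chains.
rule_count() { awk '/^-A /{n++} END{print n+0}' "$1"; }

# compare_rules RUNNING SAVED: prints a verdict; returns 0 if same, 1 if
# different, 2 if a file cannot be read (for example, not running as root).
compare_rules() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then echo unreadable; return 2; fi
    if [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]; then
        echo same; return 0
    fi
    if [ "$(rule_count "$2")" -eq 0 ]; then echo saved-file-empty; else echo differ; fi
    return 1
}

# Constructed sample data (not from the thread): a running ruleset with one
# rule, and a saved file that still has only default empty chains.
make_samples() {
    cat > "$1/running" <<'EOF'
# Generated by iptables-save on (constructed sample)
*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98:7100]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$1/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
verdict=$(compare_rules "$tmp/running" "$tmp/saved") || :
echo "running vs saved: $verdict"
rm -rf "$tmp"
```

On the real host, run as root, the first argument would be a file holding the output of iptables-save taken right after "service iptables save", and the second would be /etc/sysconfig/iptables.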