service iptables save, systemctl, and unhelpful error messages

Reindl Harald h.reindl at thelounge.net
Wed Feb 15 19:21:14 UTC 2012



On 15.02.2012 20:01, Genes MailLists wrote:
> On 02/15/2012 09:45 AM, "Jóhann B. Guðmundsson" wrote:
> 
>> Experienced admins don't use service iptables blah anyway (they use
>> iptables commands directly), so it hardly matters to them. Documentation
>> should however be updated for those that actually use service iptables
>> blah to point this out, so you should file a DOC bug for it.
>>
>   Actually, many experienced users directly create and put their rules
> file wherever the iptables service reads it from (historically it is
> /etc/sysconfig/iptables). Not sure if that has changed - if not, JBG is
> essentially right.
> 
>  For those still using the iptables command instead, to install the rules in
> the kernel one at a time, they can then use the iptables-save command to
> create a rules file from the already running firewall.
> 
>  But, note that installing rules into the kernel via iptables command
> one rule at a time is 2-3 orders of magnitude slower than creating the
> rules file and installing all the rules in one shot.

that's right, but if you have any error in your rules you get
a problem, because in the worst case no firewall at all is active

doing it with a shell script results only in failing one
rule with an error message and applies the other ones; timing
is usually not the problem if you don't have thousands of rules


