Where is the IPTABLES rule set?

Kenneth Porter shiva at sewingwitch.com
Thu Dec 1 22:27:15 UTC 2005


--On Thursday, December 01, 2005 11:51 AM -0500 Bob Kryger <bobk at panix.com> 
wrote:

> In fedora, once you get the rules the way you want them, run
> '/etc/init.d/iptables save' to update the /etc/sysconfig/iptables file.
> I never edit the sysconfig file by hand, although I will make copies of
> the file as backup.

Instead of using the path to the init script, you can use "service iptables 
save". The "service" command figures out where the initscript is.

I do back up my sysconfig file before messing with the firewall, but I often 
edit it once I've backed it up. The format isn't too tough to decipher. 
Each line has the stuff after "iptables -t majortable -A minortablename". 
The major and minor tables are in groups. The counters for each rule can 
optionally appear at the beginning of the line in brackets.

The big win in using the save file over individual rule invocations is that 
it gets loaded into the kernel in one gulp, with only one locking of the 
kernel structure. This makes it much faster when you have a lot of rules. 
Some iptables helper programs can generate hundreds of rules, so this makes 
your firewall loading much less painful.
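As an added illustration (not part of the original post or of Fedora's init scripts), the script below parses a constructed file in iptables-save format, the same layout that lands in /etc/sysconfig/iptables. It shows the grouping the post describes: each table is introduced by a "*name" line and closed by "COMMIT", each chain gets a ":CHAIN POLICY [pkts:bytes]" line, and each rule line carries the arguments you would otherwise pass to iptables after "-t table" (with an optional "[pkts:bytes]" counter in front). The awk parser, the sample ruleset and the function names are all mine; the iptables-save/iptables-restore commands in the closing comment are the stock tools that the service script wraps.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not a real host's ruleset).
SAMPLE_RULES='# Generated by iptables-save v1.3.0 on Thu Dec  1 12:00:00 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1234:567890]
[42:3360] -A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Dec  1 12:00:00 2005'

# Print, per table, each chain with its default policy and the number of
# "-A" rules, stripping the optional "[pkts:bytes]" counter prefix.
summarize_iptables_save() {
    awk '
        /^\*/     { table = substr($1, 2); next }
        /^:/      { print table, "chain", substr($1, 2), "policy", $2; next }
        /^COMMIT/ { print table, "rules", rules[table] + 0; next }
        /^#/ || /^$/ { next }
        {
            line = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", line)
            split(line, f, " ")
            if (f[1] == "-A") rules[table]++
        }
    '
}

# Sanity-check a save file before handing it to iptables-restore: every table
# must be closed by COMMIT, and every rule must appear inside a table, under a
# chain that table declared. Exit status 0 means the file passed.
validate_iptables_save() {
    awk '
        BEGIN { bad = 0 }
        /^\*/ {
            if (table != "") { print ("ERROR: table " table " not closed by COMMIT") > "/dev/stderr"; bad = 1 }
            table = substr($1, 2)
            for (c in chains) delete chains[c]
            next
        }
        /^:/ {
            if (table == "") { print ("ERROR: chain outside a table: " $0) > "/dev/stderr"; bad = 1 }
            chains[substr($1, 2)] = 1
            next
        }
        /^COMMIT/ {
            if (table == "") { print ("ERROR: COMMIT without a table") > "/dev/stderr"; bad = 1 }
            table = ""
            next
        }
        /^#/ || /^$/ { next }
        {
            line = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", line)
            split(line, f, " ")
            if (table == "" || f[1] != "-A" || !(f[2] in chains)) {
                print ("ERROR: rule not in a declared chain: " $0) > "/dev/stderr"; bad = 1
            }
        }
        END {
            if (table != "") { print ("ERROR: table " table " not closed by COMMIT") > "/dev/stderr"; bad = 1 }
            exit bad
        }
    '
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | summarize_iptables_save
printf '%s\n' "$SAMPLE_RULES" | validate_iptables_save && echo "sample ruleset: OK"

# On a real box (as root), the whole-ruleset round trip that "service iptables
# save" and "service iptables start" wrap; -c keeps the per-rule counters:
#   iptables-save -c > /root/iptables.backup
#   iptables-restore -c < /etc/sysconfig/iptables
```

The validator catches the two mistakes that are easiest to make when hand-editing the file: forgetting the COMMIT after a table, and adding a rule for a chain the table never declared. Both would make iptables-restore reject the file and leave the old rules in place, so check the file before restoring it.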
