Iptables not saving...

Tim ignored_mailbox at yahoo.com.au
Sun Apr 23 07:33:49 UTC 2006


On Sat, 2006-04-22 at 13:41 -0400, Devon Harding wrote:
> I have a cron.hourly script set up to save my iptables chains.  When I
> reboot, the chain is empty & /etc/sysconfig/iptables contains the
> default settings.
> 
> Here is /etc/cron.hourly/iptables.cron:
> 
> #!/bin/sh 
> /etc/init.d/iptables save >/dev/null 2>&1

What about doing an "iptables-save" command, instead?  (See near end of
message.)

I would have thought that what you're doing saves them to the same place
that iptables loads its tables at boot time, but maybe you're getting
some strange race condition.  And related to that, and in regards to
another posting about "/etc/sysconfig/iptables-config", you might want
to look at the same parameters that are inside the
"/etc/sysconfig/iptables-config" file.

My /etc/sysconfig/iptables-config file is the default:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

I have custom rules stored (once) in the default place iptables reads
from at boot time (*); they seem to get read fine.

* Stored by using:  iptables-save > /etc/sysconfig/iptables

Something else that springs to mind:  If you've got SELinux enabled,
perhaps your CRON script needs appropriate SELinux contexts.

I am curious about why you need to keep saving the tables.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
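One way to act on Tim's "iptables-save" suggestion while guarding against the symptom Devon reports (a saved file that ends up holding only the defaults) is to dump to a temporary file, sanity-check the dump, and only then move it into place. The script below is an added example written for this thread, not code from either poster or from the Fedora init scripts; it assumes the Fedora path /etc/sysconfig/iptables from the thread and introduces a DUMP_CMD variable (hypothetical, defaulting to iptables-save) so the logic can be exercised without touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): save iptables rules atomically and
# refuse to overwrite a good saved ruleset with an empty or truncated dump.

# Path Fedora's iptables init script reads at boot (from the thread).
SAVE_FILE="${SAVE_FILE:-/etc/sysconfig/iptables}"
# Command that produces the dump; hypothetical knob so tests can substitute
# "cat somefile" for the real iptables-save.
DUMP_CMD="${DUMP_CMD:-iptables-save}"

# valid_dump FILE
# Returns 0 when FILE looks like a complete iptables-save dump: non-empty,
# every "*table" header closed by a matching COMMIT, and at least one "-A"
# rule present (a chain set with no rules is exactly what we must not save).
valid_dump() {
    f="$1"
    [ -s "$f" ] || return 1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT' "$f" || true)
    [ "$tables" -gt 0 ] || return 1
    [ "$tables" -eq "$commits" ] || return 1
    grep -q '^-A ' "$f" || return 1
    return 0
}

# save_rules
# Dump to a temp file next to SAVE_FILE, validate it, then rename it into
# place so the saved file is never observed half-written. On any failure the
# previous SAVE_FILE is left untouched and the temp file is removed.
save_rules() {
    tmp=$(mktemp "${SAVE_FILE}.XXXXXX") || return 1
    if $DUMP_CMD > "$tmp" 2>/dev/null && valid_dump "$tmp"; then
        chmod 600 "$tmp"          # rule set can reveal policy; keep it root-only
        mv -f "$tmp" "$SAVE_FILE"
        return 0
    fi
    rm -f "$tmp"
    echo "iptables dump incomplete; keeping existing $SAVE_FILE" >&2
    return 1
}

# Only save when explicitly asked, so the functions can be sourced for testing.
case "${1:-}" in
    save) save_rules ;;
esac
```

Dropped into /etc/cron.hourly and invoked with the argument "save", this behaves like the original one-liner on success, but an hourly run that happens while the tables are empty (for instance during a restart) logs a message and leaves the last good file alone instead of replacing it.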