my iptables setting not loaded after reboot in fc5

Jeff Vian jvian10 at charter.net
Thu May 18 23:14:35 UTC 2006


On Thu, 2006-05-18 at 15:36 -0500, Hongwei Li wrote:
> > First you should set the iptables rules to what you desire. Then you should
> > save them with
> >
> > iptables-save > /etc/sysconfig/iptables
> >
> > and having set the settings I referred to to "yes", the iptables should
> > survive after a reboot.
> > It works perfectly with my system. I think the problem is that you
> > rebooted/restarted
> > iptables before setting them up, and that's why you don't get any rules now.
> >
> -- NO. I did exactly as what you said:
> 1. set my rules in /etc/sysconfig/iptables
> 
> 2. edit /etc/sysconfig/iptables-config and set
> IPTABLES_SAVE_ON_STOP="yes"
> IPTABLES_SAVE_ON_RESTART="yes"
> 
> 3. run service iptables restart
> 
> 4. run iptables-save > /etc/sysconfig/iptables
> -- after that, I checked the file /etc/sysconfig/iptables, it does have what I
> set, the only change is the timestamp.
> 
Here is the error.
You made the change in /etc/sysconfig/iptables, and did not make the
changes in the running rules.
You then did the "service iptables restart" in step 3 and overwrote the
rules you had entered with the stock rules that were already running,
throwing away your changes.

As has already been suggested,
1) Make the changes in the running rules.
2) Save the changes with "service iptables save"
3) Reboot and confirm the changes are now in effect.

> 5. reboot
> 
> 6. the file /etc/sysconfig/iptables goes to the "original" one and no port is
> opened -- all of my settings are gone.
> 
> > The best way to correct this I guess is through the graphical helper go to
> > Start->System->Administration->Security Level and Firewall
> >
> 
> That is not useful. I discussed with several other people before -- it does
> not provide the way to set source IPs. I will try Firestarter.
> 
> Hongwei
> 
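
An added example, not part of the original message: a pre-restart check that compares the saved file with the running rules, ignoring the timestamp comment and packet counters, and reports which side a "service iptables restart" would discard. The function names and the sample rule sets are constructed; the verdicts assume the init script behaves as described in the reply above (with IPTABLES_SAVE_ON_RESTART="yes" the running rules are saved over the file, otherwise the file is loaded over the running rules).

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# Strip what changes between saves without changing the rules:
# "# Generated ..." comment lines (timestamps) and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/'
}

# True when the saved file and the running ruleset hold the same rules.
rules_in_sync() {
    saved=$(printf '%s\n' "$1" | normalize_rules)
    running=$(printf '%s\n' "$2" | normalize_rules)
    [ "$saved" = "$running" ]
}

# True when the iptables-config text sets IPTABLES_SAVE_ON_RESTART to yes.
save_on_restart() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*IPTABLES_SAVE_ON_RESTART="?yes"?[[:space:]]*$'
}

# Args: saved-file text, running-rules text, iptables-config text.
restart_verdict() {
    if rules_in_sync "$1" "$2"; then
        echo "in-sync"
    elif save_on_restart "$3"; then
        echo "file-overwritten"      # running rules get saved over the edited file
    else
        echo "running-replaced"      # file is loaded over the running rules
    fi
}

SAVED='# Generated by iptables-save on Thu May 18 15:00:00 2006 (constructed)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
RUNNING_SAME='# Generated by iptables-save on Thu May 18 16:30:00 2006 (constructed)
*filter
:INPUT DROP [120:9876]
:OUTPUT ACCEPT [340:51234]
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
RUNNING_STOCK=$(printf '%s\n' "$RUNNING_SAME" | grep -v -- '--dport 22')
CONFIG_YES='IPTABLES_SAVE_ON_RESTART="yes"'
CONFIG_NO='IPTABLES_SAVE_ON_RESTART="no"'

restart_verdict "$SAVED" "$RUNNING_STOCK" "$CONFIG_YES"   # file-overwritten
```

On a real host, run as root and pass "$(cat /etc/sysconfig/iptables)", "$(iptables-save)" and "$(cat /etc/sysconfig/iptables-config)" as the three arguments.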



