iptables has amnesia :-)

Don Russell fedora at drussell.dnsalias.com
Mon Aug 20 23:01:38 UTC 2007


James Kosin wrote:
> Don Russell wrote:
>   
>> Mikkel L. Ellertson wrote:
>>     
>>> Don Russell wrote:
>>>
>>>       
>>>> Twice now, I've applied new rules using iptables -I... to
>>>> accept specific traffic, and each time those rules
>>>> "disappeared" a little while later...
>>>>
>>>> I don't see anything in "man iptables" like "... and don't you
>>>> forget it!" (Of course maybe I missed it...)
>>>>
>>>> This is FC7.... using the cli iptables commands from root.... I
>>>> also used webmin with the same effect.
>>>>
>>>> Why are the new rules not remembered?
>>>>
>>>> Thanks
>>>>
>>>>
>>>>         
>>> If you are talking about the rules not surviving a reboot, try
>>> running "service iptables save" and/or "service ip6tables save".
>>> If you want the changes saved automatically, edit
>>> /etc/sysconfig/iptables.conf and change
>>> IPTABLES_SAVE_ON_RESTART="no" to IPTABLES_SAVE_ON_STOP="yes". Do
>>> the same for /etc/sysconfig/ip6tables.conf.
>>>
>>> Mikkel
>>>
>>>       
>> ah... that's good to know... BUT.... in neither case have I
>> restarted the system....
>>
>> I'll have a look at that config file though and see if there are
>> any clues. :-)
>>
>> Maybe what I need to do (as you suggest) is "service iptables save"
>> after adding the rules and verifying they work correctly.
>>
>> (I looked at the webmin method specifically for some form of "save
>> these rules", but there is only "apply these rules", which I did
>> need to do)
>>
>>
>>
>>     
> Are you using DHCP on any of your interfaces?
>   

The FC7 box has one interface, yes, it uses DHCP to get an address from
my (Cisco) router.... it always gets the same IP address because I have
a specific "dhcp pool" defined in Cisco IOS for that one MAC address.
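
The "service iptables save" advice quoted above comes down to keeping the saved rules file in step with the live ruleset. The following is an added example, not part of the thread: a shell check that lists rules present in an `iptables-save` dump but missing from the saved file, which are the rules a firewall restart would drop. The function names `normalize`, `unsaved_rules` and `demo` are hypothetical and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find live rules that were never saved.

# normalize FILE: print "table rule" for each -A line of an iptables-save dump,
# ignoring comments, chain policy lines and the [pkts:bytes] prefix of -c dumps.
normalize() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table section
        {
            sub(/^\[[0-9]+:[0-9]+\] */, "")     # drop counters
            sub(/[ \t]+$/, "")                  # drop trailing whitespace
        }
        /^-A / { print table " " $0 }
    ' "$1"
}

# unsaved_rules RUNNING SAVED: rules in RUNNING that SAVED does not contain.
unsaved_rules() {
    saved_tmp=$(mktemp) || return 1
    normalize "$2" > "$saved_tmp"
    normalize "$1" | awk -v saved="$saved_tmp" '
        BEGIN { while ((getline line < saved) > 0) seen[line] = 1 }
        !($0 in seen)
    '
    rm -f "$saved_tmp"
}

# demo: constructed dumps; the live one has an extra rule added with iptables -I.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/saved" <<'EOF'
# constructed sample of a saved rules file
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/running" <<'EOF'
# constructed sample of `iptables-save -c` output
*filter
:INPUT DROP [12:840]
[5:300] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[90:7200] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    unsaved_rules "$dir/running" "$dir/saved"
    rm -rf "$dir"
}
```

On a live Fedora system, run `iptables-save > running.txt` as root and pass it together with `/etc/sysconfig/iptables`, the file that `service iptables save` writes.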





