iptables has amnesia :-)

Thomas Woerner twoerner at redhat.com
Wed Aug 22 15:59:08 UTC 2007


iptables is the userland configuration utility for netfilter in the 
kernel. It does not delete rules without being told to do so.

Thomas

Don Russell wrote:
> Mikkel L. Ellertson wrote:
>> Don Russell wrote:
>>  
>>> Mikkel L. Ellertson wrote:
>>>    
>>>> If you are talking about the rules not surviving a reboot, try
>>>> running "service iptables save" and/or "service ip6tables save". If
>>>> you want the changes saved automatically, edit
>>>> /etc/sysconfig/iptables.conf and change
>>>> IPTABLES_SAVE_ON_RESTART="no" to  IPTABLES_SAVE_ON_STOP="yes". Do
>>>> the same for /etc/sysconfig/ip6tables.conf.
>>>>
>>>> Mikkel
>>>>         
>> I must have deleted a section of my message somehow before I sent it
>> - there should be advice about changing 2 variables, but there is
>> the default state of one, and the needed state of the other...
>>  
>>> ah... that's good to know... BUT.... in neither case have I restarted
>>> the system....
>>>
>>> I'll have a look at that config file though and see if there are any
>>> clues. :-)
>>>
>>> Maybe what I need to do (as you suggest) is "service iptables save"
>>> after adding the rules and verifying they work correctly.
>>>
>>> (I looked at the webmin method specifically for some form of "save these
>>> rules", but there is only "apply these rules", which I did need to do)
>>>
>>>     
>> Please post back what you find, as this seems to be a strange one -
>> the rules should not vanish on a normally running system.  Are you
>> logging out and logging back in at the console, or bringing down an
>> interface, and bringing it back up between setting the rules, and
>> then vanishing?
>>
>> Mikkel
>>   
> 
> IPTABLES_SAVE_ON_RESTART and IPTABLES_SAVE_ON_STOP are both set to the 
> default value of "no".
> 
> So, I guess my question becomes, when does the firewall stop or restart?
> 
> I log on to a non-root user via ssh, then "su -"/"exit" to make the 
> iptables changes.... I have not restarted the whole machine, nor have I 
> restarted the iptables service.... does it restart periodically for some 
> reason? I haven't added anything to cron etc to make that happen...
> 
> I'm not restarting the interface....
> 
> I don't see what I could have done that caused the firewall to 
> stop/restart....
> 
> 


-- 
Thomas Woerner
Software Engineer            Phone: +49-711-96437-310
Red Hat GmbH                 Fax  : +49-711-96437-111
Hauptstaetterstr. 58         Email: Thomas Woerner <twoerner at redhat.com>
D-70178 Stuttgart            Web  : http://www.redhat.de/
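The thread's advice boils down to two things: rules added at the command line live only in the kernel until "service iptables save" writes them out, and the IPTABLES_SAVE_ON_STOP / IPTABLES_SAVE_ON_RESTART flags decide whether that happens automatically. The following POSIX shell script is an added example, not code from the thread or from the iptables package: it compares an iptables-save style dump of the running rules with a saved rules file, lists any rules that exist only in the kernel (the ones that would be lost on a stop or restart), and reads the two save flags from a sysconfig-style file. The file paths and the sample rule sets are constructed for an offline demonstration; on a real Fedora/RHEL host you would feed it the output of `iptables-save` and the distribution's saved-rules and sysconfig files instead.

```shell
#!/bin/sh
# Added example: detect iptables rules that exist in the kernel but not in
# the saved rules file, and report the save-on-stop/restart settings.
# Paths and sample data below are constructed; nothing here is the
# iptables package's own code.

# Normalize an iptables-save dump so only rule content is compared:
# drop '#' comment/timestamp lines, leading [pkts:bytes] counters and
# COMMIT lines, then sort so comm(1) can diff the two sets.
normalize_rules() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*\] *//' -e '/^COMMIT$/d' "$1" | sort
}

# Return 0 when running rules (file $1) and saved rules (file $2) match.
rules_match() {
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]
}

# Print rules present in the running dump ($1) but absent from the saved
# file ($2): exactly the rules that vanish on "service iptables restart"
# unless they are saved first.
missing_rules() {
    tmp=$(mktemp -d) || return 2
    normalize_rules "$1" > "$tmp/running"
    normalize_rules "$2" > "$tmp/saved"
    comm -23 "$tmp/running" "$tmp/saved"
    rm -rf "$tmp"
}

# Print the value of sysconfig variable $2 from file $1 with quotes
# stripped; an unset variable is reported as "no", the shipped default.
sysconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"')
    printf '%s\n' "${val:-no}"
}

# Report drift between running ($1) and saved ($2) rules, plus the save
# flags from sysconfig file $3. Returns 1 when unsaved rules exist.
check_drift() {
    echo "IPTABLES_SAVE_ON_STOP=$(sysconfig_value "$3" IPTABLES_SAVE_ON_STOP)"
    echo "IPTABLES_SAVE_ON_RESTART=$(sysconfig_value "$3" IPTABLES_SAVE_ON_RESTART)"
    if rules_match "$1" "$2"; then
        echo "running rules match saved rules"
        return 0
    fi
    echo "UNSAVED rules (lost on stop/restart unless 'service iptables save' is run):"
    missing_rules "$1" "$2"
    return 1
}

# Demo with constructed files: the running set has an extra port-80 rule
# that was never saved, and both save flags are at their default "no".
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# Generated by iptables-save (constructed sample)' \
        '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp --dport 80 -j ACCEPT' 'COMMIT' > "$d/running"
    printf '%s\n' '# Generated by iptables-save (constructed sample)' \
        '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/saved"
    printf '%s\n' 'IPTABLES_SAVE_ON_STOP="no"' \
        'IPTABLES_SAVE_ON_RESTART="no"' > "$d/iptables-config"
    check_drift "$d/running" "$d/saved" "$d/iptables-config"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

Running it prints the two flags, then the single port-80 rule as unsaved, and exits non-zero. Run periodically from cron against `iptables-save` output, the non-zero exit gives an early warning that a restart (by a package update, an admin, or an init script) would silently drop rules, which is the failure mode the thread is chasing.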