[PLUG] iptables Config' File
Sasha Romanosky
sasha_romanosky at yahoo.com
Wed Nov 19 19:37:02 UTC 2003
Jason,
fwiw, I have an /etc/iptables that is a script beginning with
#!/bin/sh
/sbin/iptables bla bla bla
...
and ending with
/etc/init.d/iptables save
So on startup, it loads the formatted config. This also seemed like an
easy way to update/test new configs just by running the script as
necessary.
The formatted config file seemed weird to me - a noticeable difference
from ipchains - so this was my quick fix. It should also make for a
maintainable and portable configuration.
hope this helps,
sasha
> -----Original Message-----
> From: plug-admin at lists.pdxlinux.org
> [mailto:plug-admin at lists.pdxlinux.org] On Behalf Of Jason Van Cleve
> Sent: Wednesday, November 19, 2003 1:47 PM
> To: plug at lists.pdxlinux.org
> Subject: [PLUG] iptables Config' File
>
>
> Quick question on iptables, which I'm finally getting around
> to setting up on my laptop. I'd like to create a more or
> less permanent and reusable configuration file, one I can
> modify for use on other machines. I've heard of many people
> writing explicit scripts to configure the filter (iptables -b
> blah-blah; iptables -blah; . . .), but I also notice that
> iptables-save creates a formatted config' instead of actual
> iptables commands.
>
> Is it wise to just use that formatted output as a portable
> config' file? That is, to SCP it to another machine and load
> it there with iptables-restore (even just as a starting
> point)? Maybe it would be better to write a script, so that
> I can compare it with other people's; but my distro' is set
> up to use iptables-restore at boot time, so maintaining a
> script could be awkward.
>
> --Jason Van Cleve
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
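
For the question above about copying iptables-save output to another machine, here is an added example (not from either poster) that strips the host-specific counters and comments from a saved ruleset and reports interface names the target machine lacks. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): prepare iptables-save output for reuse
# on another host before loading it with iptables-restore.

# normalize_rules: read iptables-save text on stdin, write a host-neutral copy.
#  - drops the "# Generated by ..." / "# Completed on ..." comment lines
#  - zeroes chain policy counters, e.g. ":INPUT DROP [812:90113]" -> "[0:0]"
#  - strips the per-rule counters written by "iptables-save -c"
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]* \)\[[0-9]*:[0-9]*]$/\1[0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*] //'
}

# list_interfaces: print each interface named by -i/-o, one per line, sorted.
list_interfaces() {
    awk '/^(\[[0-9]+:[0-9]+\] )?-A / {
             for (i = 1; i < NF; i++)
                 if ($i == "-i" || $i == "-o") print $(i + 1)
         }' | sort -u
}

# missing_interfaces: interfaces used by the rules on stdin that are absent
# from the space-separated list of the target host's interfaces given in $1.
missing_interfaces() {
    present=" $1 "
    list_interfaces | while read -r ifname; do
        case "$present" in
            *" $ifname "*) ;;
            *) echo "$ifname" ;;
        esac
    done
}

# Constructed sample of "iptables-save -c" output from a source machine.
sample_rules() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [812:90113]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4410:512220]
[120:9600] -A INPUT -i lo -j ACCEPT
[3300:401200] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[14:840] -A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed (constructed sample)
EOF
}
```

On a target host, pass `"$(ls /sys/class/net | tr '\n' ' ')"` as the interface list, and run `iptables-restore --test` on the normalized file to parse it without committing before loading it for real.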