[aklug] Re: saving iptables rules on Ubuntu

From: Shane R. Spencer <shane@bogomip.com>
Date: Wed Oct 12 2011 - 14:22:12 AKDT

in root crontab

  @reboot /sbin/iptables-restore /etc/iptables.state

then just run `/sbin/iptables-save > /etc/iptables.state` after making changes

works fer me

- Shane

On 10/12/2011 01:15 PM, Christopher Howard wrote:
> On 10/12/2011 10:55 AM, Joshua J. Kugler wrote:
>> On Wednesday, October 12, 2011, Christopher Howard elucidated thus:
>>> On 10/12/2011 12:39 AM, Joshua J. Kugler wrote:
>>>> On Tuesday, October 11, 2011, Christopher Howard elucidated thus:
>>>>> The official community doc just says to use the
>>>>> iptables-save command, but I think that only drops the rules to
>>>>> STDOUT.
>>>>
>>>> Right, which dumps them in a format that can then be fed to
>>>> iptables-restore. That's exactly the way you want to save them.
>>>> Where/how would you save them otherwise?
>>>>
>>>> j
>>>
>>> Right, that is of course the mechanism used to save and restore. But
>>> of course someone has to decide where the data is saved to and
>>> restored from, and during what part of the boot process this
>>> happens. Presumably this would be done by an init script, but I
>>> cannot find an init script named "iptables", so I am wondering if I
>>> need to add one myself, or if it has a different name, or...?
>>>
>>> Furthermore, I am wondering: if I can find no "iptables" init script,
>>> how do I even control whether or not the iptables service is starting
>>> at boot?
>>
>> Ah, I see what you mean now. I've never started/stopped iptables at
>> boot/shutdown. I've always used a higher-level interface, such as
>> Shorewall.
>>
>> What distribution are you using? On a RHEL5 system I admin, there is
>> an 'iptables' script in /etc/init.d, owned by the iptables package. The
>> debian package does not seem to have this. But even the RHEL init
>> script does not seem to use iptables-save/restore.
>>
>> j
>>
>
> Ubuntu 11.04 on a server. (no GUI).
>
> # cat /etc/motd
> Welcome to Ubuntu 11.04 (GNU/Linux 2.6.18-238.9.1.el5.028stab089.1 x86_64)
>
> * Documentation: https://help.ubuntu.com/
>
> # runlevel
> N 2
>
> # ls /etc/rc2.d/ -l
> total 4
> -rw-r--r-- 1 root root 677 Mar 29 2011 README
> lrwxrwxrwx 1 root root 18 Oct 12 05:22 S10sysklogd -> ../init.d/sysklogd
> lrwxrwxrwx 1 root 500 19 Oct 12 05:22 S10vzquota -> /etc/init.d/vzquota
> lrwxrwxrwx 1 root root 24 Oct 12 05:22 S20modules_dep.sh -> ../init.d/modules_dep.sh
> lrwxrwxrwx 1 root root 19 Oct 12 05:22 S20saslauthd -> ../init.d/saslauthd
> lrwxrwxrwx 1 root root 18 Oct 12 05:22 S21sendmail -> ../init.d/sendmail
> lrwxrwxrwx 1 root root 14 Oct 12 05:22 S75sudo -> ../init.d/sudo
> lrwxrwxrwx 1 root root 18 Oct 12 05:22 S99rc.local -> ../init.d/rc.local
>
>
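
Added example, not part of the original message or of any package: a save step for the crontab approach above that writes the dump to a temporary file, checks it, and only then renames it over /etc/iptables.state, so a failed or empty dump cannot replace the rules the @reboot line will load. The IPT_SAVE and IPT_RESTORE override variables and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the thread): validated, atomic save of the rules.
# STATE is the path from the message above. IPT_SAVE and IPT_RESTORE are
# hypothetical override variables so the logic can be exercised without root.
STATE="${STATE:-/etc/iptables.state}"
IPT_SAVE="${IPT_SAVE:-/sbin/iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-/sbin/iptables-restore}"

# Discard a rejected candidate and report why; the old $STATE is left as-is.
reject() {
    echo "save_rules: $1; keeping existing $STATE" >&2
    rm -f "$tmp"
}

save_rules() {
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$STATE")/.iptables.state.XXXXXX") || return 1
    chmod 600 "$tmp"    # the ruleset describes the host's exposure

    # 1. Dump to the temp file. `cmd > "$STATE"` would truncate the live
    #    file before cmd even starts, so a failed dump would leave it empty.
    "$IPT_SAVE" > "$tmp" || { reject "$IPT_SAVE failed"; return 1; }

    # 2. A dump without a COMMIT line holds no complete table.
    grep -q '^COMMIT$' "$tmp" || { reject "dump has no COMMIT line"; return 1; }

    # 3. --test parses and builds the ruleset without committing it.
    "$IPT_RESTORE" --test < "$tmp" || { reject "dump failed --test"; return 1; }

    mv -f "$tmp" "$STATE"
}

# Run as `script save`; sourcing the file only defines the functions.
if [ "${1:-}" = "save" ]; then
    save_rules
fi
```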

Received on Wed Oct 12 14:22:26 2011