[CentOS] Putting nat routing into place permanently? -- service iptables save
Bryan J. Smith
thebs413 at earthlink.net
Fri Nov 4 20:13:07 UTC 2005
Dale Dellutri <dale at EckhardtTrading.com> wrote:
> Visibility aside, isn't rc.local much too late for setting
> up iptables?

As at least 1 other has mentioned as well.

> My /etc/rc.d/rc3.d/ has an S08iptables and an S10network,
> then lots more, including an S99local, and then after all
> this, rc.local is run.

FYI ... (Fedora Core 3) ...

$ ls -la /etc/rc5.d/S99local
... /etc/rc5.d/S99local -> ../rc.local

> By this time, the network has already been up. It seems to
> me that if you want to do some iptables setup, it must be
> done before S10network, or it leaves a short-time security
> hole.

Again, as at least 1 other has mentioned as well.

> Personally, I set up the iptables I want and then do
> service iptables save
> If I was worried about changes, I guess I'd modify
> S08iptables to check that nothing has changed, or add an
> S07checkiptables script.

Such can be done with a conditional like ...

[ "`rcsdiff /etc/sysconfig/iptables`" != "" ]

Which will return true if the file hasn't changed from the
last RCS check-in (which should be the last edit ;-).

> (This is my first post to this mailing list, so I hope I've
> done it correctly.)

Wrong! @-ppp

--
Bryan J. Smith | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org | (please excuse any
http://thebs413.blogspot.com/ | missing headers)
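
The pre-network check discussed in this message (an S07checkiptables step that runs before S08iptables), as an added example that is not from either poster. It compares /etc/sysconfig/iptables with a reference copy using cmp instead of RCS; the function name and the baseline path are assumptions.

```shell
#!/bin/sh
# Added example: verify the saved iptables rules before they are loaded.
# check_iptables_rules and the baseline path are hypothetical names.

RULES=${RULES:-/etc/sysconfig/iptables}
# Assumed reference copy, written by the admin right after "service iptables save".
BASELINE=${BASELINE:-/etc/sysconfig/iptables.baseline}

# Return codes: 0 = rules match baseline, 1 = rules differ,
#               2 = cannot verify (file missing, unreadable or empty).
check_iptables_rules() {
    rules=$1
    baseline=$2
    for f in "$rules" "$baseline"; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "checkiptables: cannot verify, $f is missing or unreadable" >&2
            return 2
        fi
    done
    # An empty rules file compares cleanly against an empty baseline,
    # but it would mean no saved rules at boot, so report it separately.
    if [ ! -s "$rules" ]; then
        echo "checkiptables: $rules is empty" >&2
        return 2
    fi
    if cmp -s "$rules" "$baseline"; then
        return 0
    fi
    echo "checkiptables: $rules differs from $baseline" >&2
    return 1
}

# Init-script style entry point: "S07checkiptables start".
# What to do on a non-zero result (alert, halt boot) is a site decision.
case "${1:-}" in
    start)
        check_iptables_rules "$RULES" "$BASELINE" || exit $?
        ;;
esac
```

The three return codes keep "rules were modified" distinct from "could not check", so a missing baseline is never reported as a clean result.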