[CentOS] Standard RH iptables analysis
Kenneth Porter
shiva at sewingwitch.com
Sun Jun 10 21:10:29 UTC 2007
--On Wednesday, June 06, 2007 6:02 PM -0700 Al Sparks <data345 at yahoo.com>
wrote:
> Strangely enough, that's not reflected in the
> # iptables -L
> output.
The sysconfig file shows what will be loaded on boot. To see the same
information about what's in memory, use iptables-save. That's what's used
by the initscript to save to the sysconfig file. It normally outputs to
standard output, and the initscript redirects it to the sysconfig file.
BTW, if you have lots of rules, it's more efficient to load them with
iptables-restore than individual iptables commands, because the -restore
variant loads them all with one kernel operation, and hence only one
locking of the table.
More information about the CentOS
mailing list