[CentOS] Question about rebooting and iptables rules persisting

Feizhou feizhou at graffiti.net
Tue Mar 27 05:24:45 UTC 2007


Roy Ong wrote:
> On Tue, 2007-03-27 at 08:22 +0800, Feizhou wrote:
>> Preston Crawford wrote:
>>>>> Does anyone know what is happening? I've tried iptables -save or
>>>>> whatever.
>>>>> Nothing seems to work in getting these ports to be open on reboot.
>>>>>
>>>> service iptables save
>>> I did that and it doesn't help. Do you think it has to do with the order
>>> in which things happen? i.e. smb starting up after iptables? It would seem
>>> other people would have that problem, though, wouldn't they?
>> Could you post the contents of /etc/sysconfig/iptables after a service 
>> iptables save?
> 
> I guess if you are thinking that the order of starting up could be the
> cause of it, then it might be easier if you do a simple hack as follows -
> it's not the safest way, but heck, I'm hoping it will work for you :)

Order of starting up has nothing to do with it. I save my rules in exactly 
the same way and my boxes come up with a set of rules just like what was 
saved when I ran 'service iptables save'.

> 
> 	# iptables -F
> 	# iptables -Z
> 	# service iptables save
> 	# chkconfig iptables on
> 
> Put all your iptables rules into a script file
> 	# vi /root/myfirewall.sh
> 		#!/bin/bash
> 		IPTABLES=/sbin/iptables
> 		$IPTABLES -F
> 		$IPTABLES -Z
> 		$IPTABLES -A INPUT -s 192.168.1.1 -j ACCEPT
> 			<or whatever needs to be done>
> 			<save and exit>
> 	# chmod 700 /root/myfirewall.sh
> 
> Add the script file into rc.local
> 	# echo "/root/myfirewall.sh" >> /etc/rc.d/rc.local
> 
> Every time upon reboot, the rc.local file gets called right at the last
> and in that sequence your /root/myfirewall.sh gets called just before
> the system is ready to accept logins. All other services should have
> been up and running long before the /root/myfirewall.sh gets called.

Ooh, wonderful. Feel free to move the turning on of firewall rules from 
BEFORE the network is setup to WAY AFTER the network is setup. I, for 
one, will do no such thing.


