Peter Kjellström wrote:
It will work but it's not the "right" way and it's not pretty. I say go for Brian J Smith's approach in the previous e-mail.
Just know I'm not a "my way dammit" type of guy. Whatever works is whatever works. Although if you work for me, or I'm a consultant at your firm, you'll get the baseball bat if your supervisors are paying me to tell you how to do things. ;-> Because in the majority of those cases, they are also paying for Red Hat support as well (and we want to minimize any number and/or complications with those).
Exactly. I do this even at home. It's almost to the point of absurdity. I'll avoid the quick and dirty so that I learn to do it the right way, precisely so when I'm called on to do it at work I know the right way.
The reason is that *I* (and I want the companies I consult for) try to learn the vendor's supported way. That way I send Red Hat 1 file to Red Hat and they don't have to worry or second-guess where other rules might be written. I.e., in a nutshell, I've got "bitten in the @$$" when I've put rules in rc.sysinit or rc.local or in some odd /usr/local/sbin script because I missed them.
Same here. rc.local was my first thought, but I figured with all the progress made in abstracting (repos.d is a good example) configuration more neatly, that there had to be a better way.
Preston Crawford wrote:
Yeah. Makes sense. That's why I asked for the "canonical" way of doing it. I'll take "what works", but I prefer to do it the "right" way.
The great thing about the "service iptables save" (or "/etc/init.d/iptables save") command is that if you get something that works, you can run that command and it'll save it for the next time. Still inspect the /etc/sysconfig/iptables script afterwards to make sure the rules are correct (they will be subsets of the full iptables line). But for the most part, they work just fine for me.
This is what I did. Thanks!!!
If you were glued to the TV during the Katrina hurricanes and saw the (407) (Orlando) or (813) (Tampa) area code phone number to call to find out about relatives -- that was my small company's work. They were IP communications equipment deployed over a mesh network setup in minutes up to a satellite uplink -- all controlled by *1* Linux box with my scripts (and other capabilities). We're normally not into the business of providing the actual disaster services -- we're more interested in selling our stuff to others to do such. But since we're the only company with the proven capabilities (something we proved after Charlie, which hit even my house last year), we're the ones FEMA and the Coast Guard look to at a moment's notice.
Nice. So FEMA got something right. :-)
I mean that as a compliment to you, not a slam on FEMA.
Preston
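The thread recommends inspecting /etc/sysconfig/iptables after "service iptables save". The script below is an added example, not code from anyone in this thread: it reads a file in the iptables-save format that command writes, prints each chain's policy and rule count, and fails if a table block lacks its COMMIT line or a rule references a chain that was never declared in that table. The ruleset it checks is a constructed sample embedded in the script, not a real saved file.

```shell
#!/bin/sh
# Added example: sanity-check a saved ruleset in iptables-save syntax
# (the format "service iptables save" writes to /etc/sysconfig/iptables).

# Constructed sample ruleset, assumed here only for demonstration.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# check_saved_rules FILE
#   Prints "table chain policy rule-count" for every declared chain.
#   Returns 1 if a table block is missing COMMIT or an -A rule names a
#   chain that has no ":CHAIN POLICY" declaration in the same table
#   (iptables-restore would reject such a file at boot).
check_saved_rules() {
    awk '
    /^\*/      { table = substr($1, 2); committed[table] = 0; next }
    /^:/       { chain = substr($1, 2); policy[table, chain] = $2
                 rules[table, chain] += 0; order[++n] = table SUBSEP chain; next }
    /^-A /     { if (!((table, $2) in policy)) { bad[table, $2] = 1 }
                 rules[table, $2]++; next }
    /^COMMIT$/ { committed[table] = 1; next }
    END {
        rc = 0
        for (i = 1; i <= n; i++) {
            split(order[i], k, SUBSEP)
            printf "%s %s %s %d\n", k[1], k[2], policy[k[1], k[2]], rules[k[1], k[2]]
        }
        for (t in committed) if (!committed[t]) { print "missing COMMIT in table " t; rc = 1 }
        for (b in bad) { split(b, k, SUBSEP); print "undeclared chain " k[2] " in table " k[1]; rc = 1 }
        exit rc
    }' "$1"
}

# Demonstration on the constructed sample (writes it to a temp file first).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$tmp"
check_saved_rules "$tmp"
rm -f "$tmp"
```

Run it against the real /etc/sysconfig/iptables by passing that path to check_saved_rules instead of the temp file.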