You helped me clear up my ideas, thanks for everything.
2013/10/10 Reindl Harald h.reindl@thelounge.net
On 10.10.2013 16:13, Paolo De Michele wrote:
sorry, but now if I modify /etc/sysconfig/iptables and add two lines, for example:
output omitted
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
-A INPUT -j DROP
output omitted
and I do `service iptables save` and restart my iptables firewall, the output of iptables -L is:
-A INPUT -j DROP
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
why?
*why* do you mangle around in /etc/sysconfig/iptables? This file is written by "service iptables save".
This file is *read* at iptables *startup* and written with the *currently* active rules by "service iptables save".
man iptables
_______________________________________
#!/bin/bash
# Default policies first, so nothing is accepted while the rules are rebuilt
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Flush and delete all chains in the filter table
iptables -F
iptables -X
# Every loaded table (filter, nat, mangle, raw, ...), as listed by the kernel
CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $CHAINS; do iptables -t $i -F; done && echo "Flush OK" || echo "Flush FAILED"
for i in $CHAINS; do iptables -t $i -X; done && echo "Clear OK" || echo "Clear FAILED"
for i in $CHAINS; do iptables -t $i -Z; done
# The ACCEPT for the literal address comes *before* the catch-all DROP
iptables -A INPUT -p icmp -s 64.39.31.103 -j ACCEPT
iptables -A INPUT -j DROP
# Write the now-active rules to /etc/sysconfig/iptables
service iptables save
_______________________________________
BTW: nobody but you is using hostnames for iptables rules, because it is a pretty dumb idea to rely on working name resolution in early boot.
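The two points made in the reply above (first match wins, so a catch-all DROP shadows every rule appended after it, and a hostname in a rule has to be resolved when the rules are loaded) can be checked mechanically against the saved rules file. The script below is an added example and is not code from the thread; it assumes an iptables-save style file such as /etc/sysconfig/iptables with IPv4 "-A CHAIN ..." lines, and the sample rules it writes are constructed here (the DROP-first ordering from the question, and the corrected ordering with the literal address from the reply).

```shell
#!/bin/sh
# Added example, not code from the thread. Lints an iptables-save style
# rules file (the format of /etc/sysconfig/iptables) for two problems:
#   1. a rule appended after an unconditional "-j DROP" / "-j REJECT" in the
#      same chain can never match, because iptables stops at the first match;
#   2. a "-s"/"-d" argument that is not an IPv4 address or CIDR is a hostname,
#      which must be resolved when the rules are loaded (i.e. in early boot).
# Assumption: IPv4 only, rules written as "-A CHAIN ..." lines.

# is_ipv4_or_cidr ADDR -> exit 0 if ADDR is a dotted quad with optional /len
is_ipv4_or_cidr() {
    # strip a leading "!" (negation) before checking
    printf '%s\n' "${1#!}" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
}

# lint_rules FILE -> prints one finding per line; exit 0 if none, 1 otherwise
lint_rules() {
    file=$1
    findings=0
    lineno=0
    catchall=""          # space separated "CHAIN=LINE" records
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        case $line in
            "-A "*) ;;       # only append rules are examined
            *) continue ;;
        esac
        set -f; set -- $line; set +f     # word-split the rule, no globbing
        chain=$2
        shift 2
        body=$*
        # 1. unreachable rule: this chain already has a catch-all above
        case " $catchall " in
            *" $chain="*)
                prev_line=${catchall##*" $chain="}
                prev_line=${prev_line%% *}
                echo "line $lineno: rule in $chain is unreachable, shadowed by catch-all on line $prev_line"
                findings=$((findings + 1)) ;;
        esac
        case $body in
            "-j DROP"|"-j REJECT"|"-j REJECT "*) catchall="$catchall $chain=$lineno" ;;
        esac
        # 2. hostnames given to -s / -d ("! -s x" and "-s ! x" both handled)
        prev=""
        for tok in "$@"; do
            [ "$tok" = "!" ] && continue
            if [ "$prev" = "-s" ] || [ "$prev" = "-d" ]; then
                if ! is_ipv4_or_cidr "$tok"; then
                    echo "line $lineno: $prev $tok is a hostname; needs working DNS when rules are loaded"
                    findings=$((findings + 1))
                fi
            fi
            prev=$tok
        done
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the ordering from the question (DROP before the ACCEPT)
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
COMMIT
EOF
}

# Constructed sample: ACCEPT first and a literal address, as the reply advises
write_fixed_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 64.39.31.103/32 -p icmp -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

tmp=$(mktemp)
echo "== rules as saved in the question =="
write_sample_rules "$tmp"
lint_rules "$tmp" || echo "-> problems found"
echo "== corrected order with a literal address =="
write_fixed_rules "$tmp"
lint_rules "$tmp" && echo "-> clean"
rm -f "$tmp"
```

Run it against a copy of /etc/sysconfig/iptables with `lint_rules /path/to/file` before `service iptables restart`; the check is on the saved file only, it never touches the live ruleset.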