Well, if you followed the thread you will realize that the original poster said that he did indeed do an iptables save, but that didn't help in his case. Furthermore, I did clarify to say that "it's not the safest way, but heck, I'm hoping it will work for you". I definitely AGREE that running the firewall rules only AFTER the system and services are up and running could be a potential hazard, with a small period of vulnerability (a few seconds), but having no other choice, a quick script to turn on the firewall rules at the very last is better than running nothing at all ... Well, there are two sides to a coin and I definitely understand your concern, hence my little disclaimer within my original reply.

On Tue, 2007-03-27 at 13:24 +0800, Feizhou wrote:
> Roy Ong wrote:
> > On Tue, 2007-03-27 at 08:22 +0800, Feizhou wrote:
> >> Preston Crawford wrote:
> >>>>> Does anyone know what is happening? I've tried iptables -save or
> >>>>> whatever.
> >>>>> Nothing seems to work in getting these ports to be open on reboot.
> >>>>>
> >>>> service iptables save
> >>> I did that and it doesn't help. Do you think it has to do with the order
> >>> in which things happen? i.e. smb starting up after iptables? It would seem
> >>> other people would have that problem, though, wouldn't they?
> >> Could you post the contents of /etc/sysconfig/iptables after a service
> >> iptables save?
> >
> > I guess if you are thinking that the order of starting up could be the
> > cause of it, then it might be easier if you do a simple hack as follows -
> > it's not the safest way, but heck, I'm hoping it will work for you :)
>
> Order of starting up has nothing to do with it. I save my rules in exactly
> the same way and my boxes come up with a set of rules just like what was
> saved when I ran 'service iptables save'.
>
> > # iptables -F
> > # iptables -Z
> > # service iptables save
> > # chkconfig iptables on
> >
> > Put all your iptables rules into a script file
> > # vi /root/myfirewall.sh
> > #!/bin/bash
> > IPTABLES=/sbin/iptables
> > $IPTABLES -F
> > $IPTABLES -Z
> > $IPTABLES -A INPUT -s 192.168.1.1 -j ACCEPT
> > <or whatever needs to be done>
> > <save and exit>
> > # chmod 700 /root/myfirewall.sh
> >
> > Add the script file into rc.local
> > # echo "/root/myfirewall.sh" >> /etc/rc.d/rc.local
> >
> > Every time upon reboot, the rc.local file gets called right at the last
> > and in that sequence your /root/myfirewall.sh gets called just before
> > the system is ready to accept logins. All other services should have
> > been up and running long before the /root/myfirewall.sh gets called.
>
> Ooh, wonderful. Feel free to move the turning on of firewall rules from
> BEFORE the network is set up to WAY AFTER the network is set up. I, for
> one, will do no such thing.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
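The check Feizhou asks for above, looking at /etc/sysconfig/iptables after 'service iptables save', as an added example that is not part of the thread: a POSIX shell script that parses a saved ruleset and reports whether the INPUT chain actually accepts the ports a service needs, which is what decides whether the rules restored at boot (before the network is up) are sufficient without any rc.local workaround. The sample ruleset and the SMB ports 139/445 are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a saved ruleset in the
# iptables-save format that 'service iptables save' writes to
# /etc/sysconfig/iptables, and confirm the INPUT chain accepts the ports
# a service needs. Rules already in that file are restored by the iptables
# init script before the network comes up, so no rc.local script (and no
# unprotected window) is needed. Sample rules and ports are assumptions.

# Constructed sample of /etc/sysconfig/iptables (hypothetical rules).
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
RULES_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$RULES_FILE"

# input_policy FILE: print the INPUT chain's default policy (ACCEPT/DROP).
input_policy() {
    sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p' "$1"
}

# port_accepted FILE PORT: succeed if an ACCEPT rule for TCP dport PORT
# appears in INPUT before any catch-all REJECT/DROP rule (rules match top
# to bottom, so an ACCEPT appended after the catch-all never fires).
port_accepted() {
    awk -v port="$2" '
        /^-A INPUT / {
            if ($0 ~ ("--dport " port " ") && / -j ACCEPT/) { found = 1; exit }
            if (/ -j (REJECT|DROP)/ && !/--dport/) { exit }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# missing_ports FILE PORT...: print the ports with no reachable ACCEPT rule
# (space separated); empty output means the saved file is complete.
missing_ports() {
    f=$1; shift; out=""
    for p in "$@"; do port_accepted "$f" "$p" || out="$out$p "; done
    printf '%s' "${out% }"
}
echo "INPUT policy: $(input_policy "$RULES_FILE"); missing: $(missing_ports "$RULES_FILE" 139 445)"
```

Run it against the real file instead of the constructed sample and a non-empty "missing" list means the saved ruleset, not the start-up order, is what needs fixing.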