On Thu, Oct 10, 2013 at 9:13 AM, Paolo De Michele <paolo at paolodemichele.it> wrote:

> sorry, but now if I modify /etc/sysconfig/iptables and I add two strings,
> per example:
>
> output omitted
> -----
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> -A INPUT -j DROP
> ------
> output omitted
>
> and I do:
>
> service iptables save
> and
> restart my iptables firewall, output iptables -L is:
>
> -A INPUT -j DROP
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
>
> why?
>

When you do
# service iptables save
it over-writes /etc/sysconfig/iptables with the active set of iptables,
so your changes are lost.

One way to do what you want is to modify /etc/sysconfig/iptables, then do
# service iptables restart
This will reload the iptables from /etc/sysconfig/iptables

--
Dale Dellutri
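
A check to run before `service iptables save`, added here as an example and not part of the original thread: it lists the rules found only in the edited file, which are the ones the save would overwrite. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the rules that exist only in the
# edited file, i.e. what `service iptables save` would overwrite.
# Real use (as root):  iptables-save > /tmp/running.rules
#                      pending_edits /etc/sysconfig/iptables /tmp/running.rules
# Note: iptables resolves a hostname in -s/-d when the rule is loaded, so the
# dump shows an address and a hostname rule is always reported here.

# Print only rule lines (-A ...), skipping comments, chain policies, COMMIT.
rules_only() {
    grep -E '^-A ' "$1" || true
}

# $1 = edited rules file, $2 = dump of the running ruleset.
pending_edits() {
    rules_only "$1" | while IFS= read -r rule; do
        # -F fixed string, -x whole line, -e so the leading "-A" is not an option
        grep -Fxq -e "$rule" "$2" || printf '%s\n' "$rule"
    done
}

# Constructed sample data: a running ruleset and an edited file that adds
# the ICMP rule from the question above the final DROP.
make_samples() {
    cat > "$1/running" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
    cat > "$1/edited" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
pending_edits "$demo_dir/edited" "$demo_dir/running"
rm -rf "$demo_dir"
```

If the check prints nothing, the file and the running ruleset contain the same rule lines and a save loses no edits; it does not compare rule order.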