[CentOS] /etc/sysconfig/iptables syntax
Mike
1100100 at gmail.com
Mon May 23 02:55:28 UTC 2016
The last two router/firewall servers I had used Slackware and Gentoo. I'm used to writing complete and explicit iptables rules; however, when I set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable.

For example, I'm used to stating postrouting masquerade as:

/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

But when I use the rule above, iptables.service fails upon start and exits. Through a series of trial and error, I found a correct masquerade statement:

*nat
-A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
COMMIT

This looks similar to output from iptables-save.

Another example:

/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
[DOES NOT WORK]

*filter
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
COMMIT
[DOES WORK]

After using iptables for a long time, I can't figure out where this syntax comes from. Can anyone point me in the right direction to understand the proper syntax necessary in /etc/sysconfig/iptables?

Thanks for your help.
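Added example, not part of the original post: a small converter from command-style rules to the table-block layout the post found to work, which is the format iptables-save prints and iptables-restore reads. The function names `to_restore_format` and `sample_rules` are hypothetical, the input is the two rules quoted in the post, and only rule commands such as -A are handled (chain policies and quoted arguments containing runs of spaces are not).

```shell
#!/bin/sh
# Added example (not from the original post).
# Converts "iptables -t <table> -A ..." lines into "*table / rules / COMMIT"
# blocks. Rules keep their input order and are grouped per table.

to_restore_format() {
    awk '
    /^[[:space:]]*(#|$)/ { next }                 # skip comments and blank lines
    {
        table = "filter"                          # table used when -t is absent
        rule  = ""
        # Drop the leading command word (iptables or /usr/sbin/iptables).
        start = ($1 ~ /(^|\/)iptables$/) ? 2 : 1
        for (i = start; i <= NF; i++) {
            # The table moves out of the rule and into the "*table" header.
            if ($i == "-t" || $i == "--table") { table = $(++i); continue }
            rule = rule (rule == "" ? "" : " ") $i
        }
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        rules[table] = rules[table] rule "\n"
    }
    END {
        # One block per table, each closed by COMMIT.
        for (k = 1; k <= n; k++)
            printf "*%s\n%sCOMMIT\n", order[k], rules[order[k]]
    }'
}

# Constructed sample input: the two command-style rules quoted in the post.
sample_rules() {
    cat <<'EOF'
# NAT for the internal network
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
EOF
}

sample_rules | to_restore_format
```

A file produced this way can be syntax-checked without loading it by running `iptables-restore --test` with the file on standard input (root required).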