[CentOS] Iptables not save rules
mike at microdel.org
Tue Sep 13 16:04:47 UTC 2016
On Tue, 13 Sep 2016, TE Dukes wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
>> Behalf Of John R Pierce
>> Sent: Sunday, September 11, 2016 10:44 PM
>> To: centos at centos.org
>> Subject: Re: [CentOS] Iptables not save rules
>> On 9/11/2016 8:55 AM, TE Dukes wrote:
>>> I have been using ipset to blacklist badbots. Works like a champ!
>>> The only problem is if I do a system reboot, I lose the ipset and the
>>> I changed /etc/sysconfig/iptables.conf to:
>>> And followed the instructions in:
>>> The changes are still not saved.
>> wild guess says, you need to ...
>> chkconfig on ipset
>> service ipset start
>> and when you change ipset stuff,
>> service ipset save
>> but I'm just guessing, I've never used ipsets.
>> john r pierce, recycling bits in santa cruz
> [Thomas E Dukes]
> I did not realize ipset was running as a service.
> Been trying figure out what was wrong for a couple weeks.
> Only way to know is to do a reboot and see what happens. Ipset save xxxxxx
> apparently doesn't really do anything.
> Thanks, again!!
John R Pierce's wild guesses are exactly right.
ipset is NOT running as a "traditional" service, however:
service ipset start|stop|save
load and save ipsets for you automagically.
Notice that it's "service ipset save" not "ipset save xxxx" as you had
Finally, and this is a bit of a corner case, but "service ipset save"
won't work if you don't have the "ip_set" kernel module loaded, that is
if your environment has the kernel modules compiled in to the kernel. See
lines 123 and 124 of /etc/rc.d/init.d/ipset
Easiest thing for me is to just comment out those two lines, however I
need to remember to comment them out again when the ipset rpm is updated.
More information about the CentOS