On 10/25/2018 12:41 AM, Warren Young wrote: > to make them permanent, you have to edit `/etc/sysconfig/iptables` with a somewhat different syntax. Or use "service iptables save". On systems where I use raw iptables, I set the thing up with the command line tools and then use that command to snapshot the running firewall to the sysconfig file. I'm using firewalld now, but I still inspect the resulting iptables to see what it does. You can do this with "iptables-save > /tmp/iptables.txt". (That's the command that the initscript uses under the hood to save the boot-time sysconfig file.)