On Tue, Nov 19, 2002 at 11:15:47AM -0800, Rick Johnson wrote:
> [EMAIL PROTECTED] wrote:
> |
> | I just set up iptables on my cable cnxn (Works great!), and one of the
> | items left sort of open was exactly where the iptables rules should be
> | placed in order to have them run at startup time.
> | I think the suggested place for them was in /etc/rc/ directory in either
> | rc.sysinit or rc.local.
>
> Easiest way to save IPTABLES is as follows:
> Run your IPTables script once.
> Then - run service iptables save. This saves the rules to
> /etc/sysconfig/iptables (with the iptables-save command).
> Then chkconfig iptables on.
> Now iptables starts when other services start during runlevels 2-5 and you
> didn't just reinvent Red Hat's wheel :-)

Hi Rick,

Thank you! This is a nice clean solution. It integrates so well with
the existing system that it's almost like someone designed it that way.... :-)

Does anybody know if there is a "gap" in coverage between the time
the network is started up and the time the iptables rules become active?

Or put more directly - is there any chance that a network based attack
can have time to succeed between the time the networking starts up and
the time the iptables filtering goes into effect?

-- 
Jeff Kinz, Emergent Research, Hudson, MA.
copyright 2002. Use is restricted. Any use is an acceptance of the offer at
http://users.rcn.com/jkinz/policy.html.
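
One way to check the start-order question raised above on a SysV-init system, as an added example that is not part of the original thread: it compares the start priority of the `iptables` and `network` links in a runlevel directory. The `SNNname` link layout under `/etc/rc.d/rcN.d`, the function names, and the sample priorities are assumptions, and the sample directory is constructed.

```shell
#!/bin/sh
# start_order RCDIR SERVICE
# Prints the start priority (the NN in SNNservice) of SERVICE in RCDIR.
# Returns 1 if the service has no start link in that runlevel.
start_order() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}      # S08iptables
        name=${name#S}        # 08iptables
        prio=${name%"$2"}     # 08
        echo "$prio"
        return 0
    done
    return 1
}

# check_gap RCDIR
# 0: iptables starts strictly before network (rules loaded first)
# 1: network starts at or before iptables (unfiltered window at boot)
# 2: one of the two services is not enabled in this runlevel
check_gap() {
    fw=$(start_order "$1" iptables) || { echo "$1: iptables not enabled"; return 2; }
    net=$(start_order "$1" network) || { echo "$1: network not enabled"; return 2; }
    # Strip one leading zero so 08 and 09 are never read as octal.
    if [ "${fw#0}" -lt "${net#0}" ]; then
        echo "$1: ok, iptables (S$fw) starts before network (S$net)"
        return 0
    fi
    echo "$1: GAP, network (S$net) starts at or before iptables (S$fw)"
    return 1
}

# Constructed sample runlevel directory; the priorities are assumed values.
demo=$(mktemp -d)
touch "$demo/S08iptables" "$demo/S10network"
check_gap "$demo"
rm -rf "$demo"
```

On a real host, call `check_gap /etc/rc.d/rc3.d` (and the other runlevels in use) after `chkconfig iptables on`.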