Red Hat Linux 7.2: The Official Red Hat Linux Reference Guide
Chapter 18. Firewalling with iptables
Rules created with the iptables command are only stored in RAM. If you were to restart your system after setting up various iptables rules, they would be lost and you would need to retype them. If you want particular rules to take effect whenever your system boots, you need to save them to the /etc/sysconfig/iptables file.
To do this, arrange your tables, chains, and rules the way they should be the next time the system boots or iptables is restarted, and type the /sbin/service iptables save command as the root user. This causes the iptables init script to run the /sbin/iptables-save program and write the current iptables configuration to the /etc/sysconfig/iptables file. This file should only be readable by root, so your precise packet filtering rules are not viewable by average users.
The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
While it is always a good idea to test a new iptables rule before committing it to the /etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another system's version of this file. This allows you to quickly distribute sets of iptables rules to many different machines at once. Simply restart iptables to make the new rules take effect.
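A pre-restore sanity check for a rules file in the format /sbin/iptables-save writes, as an added example (a shell script written for this page, not code from the Red Hat guide). It assumes a POSIX sh with awk and ls, and verifies that every table block is closed by COMMIT and that the file carries no group/other permission bits before it is copied to another machine's /etc/sysconfig/iptables and iptables is restarted.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): check a saved rules file in the
# format /sbin/iptables-save produces, before copying it to another host's
# /etc/sysconfig/iptables. Needs no root privileges and no iptables binary.

# Write a constructed sample (not real iptables-save output) to $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample for this example)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed
EOF
}

# Return 0 if $1 is structurally valid iptables-save output: each *table
# block ends with COMMIT, and only header, policy, rule, comment and blank
# lines appear. A rule outside a block or a missing COMMIT fails the check.
iptables_file_is_sane() {
    awk '
        /^#/ || /^[ \t]*$/ { next }                   # comments, blank lines
        /^\*/      { if (open) bad++; open = 1; next } # *table opens a block
        /^COMMIT$/ { if (!open) bad++; open = 0; next } # COMMIT closes it
        /^:/       { if (!open) bad++; next }          # :CHAIN POLICY [p:b]
        /^-[A-Z] / { if (!open) bad++; next }          # -A, -I, -N, -P ... lines
        { bad++ }                                      # anything else is unexpected
        END { if (bad || open) exit 1; exit 0 }
    ' "$1"
}

# Return 0 if $1 has no group/other permission bits (mode 0600 or 0400), so
# the packet filtering policy is not readable by ordinary users.
rules_file_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10) || return 1
    [ "$perms" = "------" ]
}

# Combined pre-restore check: 0 ok, 1 malformed file, 2 group/other readable.
check_saved_rules() {
    iptables_file_is_sane "$1" || return 1
    rules_file_is_private "$1" || return 2
    return 0
}
```

On a real host, run `check_saved_rules /etc/sysconfig/iptables` after copying a file in and before `/sbin/service iptables restart`, so a truncated or world-readable file is caught before the old rules are flushed.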