Archive for December, 2010

Using iptables-save

Posted: December 9, 2010 in Devops, System Engineering

I just lost my netfilter persistence file (/etc/sysconfig/iptables) because I used /usr/bin/system-config-securitylevel-tui.
I see two options now:

  1. Edit /etc/sysconfig/iptables and then restart, or
  2. Use /sbin/iptables to insert rules then save with /sbin/iptables-save

I’m going for option 2, as I can create a backup of the config at the same time by doing this:

Example rule to allow port tcp/80:

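# Insert the rule at position 10 of the RH-Firewall-1-INPUT chain
/sbin/iptables -I RH-Firewall-1-INPUT 10 \
    -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Make sure the backup directory exists
test -d /var/backup/iptables || mkdir -p /var/backup/iptables
# Write the running ruleset to the persistence file and to a timestamped backup
/sbin/iptables-save | /usr/bin/tee /etc/sysconfig/iptables \
    /var/backup/iptables/iptables-sysconfig-$(date +%s)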
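Piping straight into tee truncates /etc/sysconfig/iptables before iptables-save has produced any output, so a failed dump leaves the persistence file empty. The following is an added example, not part of the original post, that dumps to a temporary file, checks it with iptables-restore --test, and only then replaces the file. The function name save_rules, the .prev backup suffix and the IPTABLES_SAVE / IPTABLES_RESTORE override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate the dump before it replaces the persistence file.
# Hypothetical names: save_rules, IPTABLES_SAVE, IPTABLES_RESTORE, ".prev".

IPTABLES_SAVE=${IPTABLES_SAVE:-/sbin/iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}

# save_rules [TARGET] [BACKUP_DIR]
# Returns 0 on success; on any failure TARGET is left untouched.
save_rules() {
    local target="${1:-/etc/sysconfig/iptables}"
    local backup_dir="${2:-/var/backup/iptables}"
    local stamp tmp
    stamp=$(date +%s)

    mkdir -p "$backup_dir" || return 1
    # Temp file beside the target so the final mv is an atomic rename.
    # mktemp creates it readable by the owner only.
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    # Dump the running rules; a failed or empty dump must never reach TARGET.
    if ! "$IPTABLES_SAVE" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"; return 2
    fi
    # --test parses the ruleset without committing it to the kernel.
    if ! "$IPTABLES_RESTORE" --test < "$tmp"; then
        rm -f "$tmp"; return 3
    fi
    # Keep the previous persistence file, if there is one.
    if [ -f "$target" ]; then
        cp -p "$target" "$backup_dir/iptables-sysconfig-$stamp.prev" \
            || { rm -f "$tmp"; return 4; }
    fi
    # Timestamped copy of the new ruleset, as in the post.
    cp -p "$tmp" "$backup_dir/iptables-sysconfig-$stamp" \
        || { rm -f "$tmp"; return 4; }
    mv -f "$tmp" "$target"
}
```

Run it as root after inserting rules with /sbin/iptables, for example `save_rules && echo saved`.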