[CS-FSLUG] Firewall fights

Stephen J. McCracken smccracken at hcjb.org.ec
Wed Jan 25 10:30:26 CST 2006


> The rules for FreeBSD are based on IPFW, and I can't discern how to 
> translate that to IPTables. The rules in CentOS are script-based, though 
> hardly so involved as the SUSE Firewall2. There is no simple rule stack 
> I can just copy over.

Actually, there is (it's just not obvious).  When any iptables firewall
is running, the rules are loaded in memory.

You can use the command "iptables-save" and it prints the currently
loaded ruleset to standard out.  So with a quick "iptables-save >
myrules.out" you have the rule stack saved and ready to move to another
box.  There is an equivalent "iptables-restore" command to load such
saved rulesets, so an "iptables-restore < myrules.out" will load the
saved ruleset.

This has an added advantage in efficiency.  With scripting, every time
the iptables command is used the rules are read from memory, the changes
applied and the rules loaded back in memory.  In the simple script you
posted, this would happen 19 times (each call to the iptables command).
Using iptables-restore, the whole ruleset is read, changed all at once,
and then applied.

sjm

P.S. If I remember correctly, with most Redhat distros (probably in
CentOS) this iptables-save file is /etc/sysconfig/iptables and the
init.d scripts load this file.  Check on your CentOS box to see if you
have this file already.




More information about the Christiansource mailing list