Rules created with the iptables command are stored in
memory. If the system is restarted before saving the
iptables rule set, all rules are lost. For netfilter
rules to persist through system reboot, they need to be saved. To do
this, log in as root and type:

/sbin/service iptables save

This executes the iptables initscript, which runs the
/sbin/iptables-save program and writes the current
iptables configuration to
/etc/sysconfig/iptables. The existing
/etc/sysconfig/iptables file is saved as
/etc/sysconfig/iptables.save.

The next time the system boots, the iptables init
script reapplies the rules saved in
/etc/sysconfig/iptables by using the
/sbin/iptables-restore command.

While it is always a good idea to test a new iptables
rule before committing it to the
/etc/sysconfig/iptables file, it is possible to
copy iptables rules into this file from another
system's version of this file. This provides a quick way to distribute
sets of iptables rules to multiple machines.

Important: If distributing the /etc/sysconfig/iptables file
to other machines, type /sbin/service iptables
restart for the new rules to take effect.
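
An added example, not part of the original page: a structural pre-check for a rules file in iptables-save format, run before the file is copied to /etc/sysconfig/iptables on other machines. The function name lint_rules and the sample rule set are assumptions made for illustration; the check covers table, chain and COMMIT structure only, not what the rules match.

```shell
#!/bin/sh
# Added example, not from the original page: lint an iptables-save format file
# before copying it to /etc/sysconfig/iptables on other machines.
# Usage: lint_rules FILE   (status 0 = well-formed, 1 = problems listed on stderr)
lint_rules() {
    awk '
    function fail(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg > "/dev/stderr"; bad = 1 }
    { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "") }      # drop counters written by iptables-save -c
    /^[ \t]*$/ || /^#/ { next }                   # blank lines and comments
    /^\*/ {                                       # "*filter" opens a table
        if (table != "") fail("table " table " has no COMMIT")
        table = substr($1, 2); tables++
        split("", chains)                         # chain names are per table
        next
    }
    table == "" { fail("line outside a *table section"); next }
    /^:/ { chains[substr($1, 2)] = 1; next }      # ":INPUT DROP [0:0]" declares a chain
    $1 == "COMMIT" { table = ""; next }
    $1 == "-A" || $1 == "-I" {                    # a rule must name a declared chain
        if (!($2 in chains)) fail("rule for undeclared chain " $2)
        next
    }
    { fail("unrecognized line") }
    END {
        if (table != "") { print FILENAME ": table " table " has no COMMIT" > "/dev/stderr"; bad = 1 }
        if (!tables) { print FILENAME ": no tables found" > "/dev/stderr"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample rule set (not from the page), linted as a demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
lint_rules "$sample" && echo "sample rule set is well-formed"
rm -f "$sample"
```

On the target host, /sbin/iptables-restore --test (where the installed version supports it) parses the file with the real parser without committing it, which also catches errors inside individual rules.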