[olug] forgive me, for i am lazy

Jon Larsen relayer at levania.org
Sun Aug 8 13:46:56 UTC 2010


I'm still using a modified version of Adam's firewall script from his 
OLUG presentation as my firewall:

http://olug.org/presentations/December2004/

In your situation, you can make your modifications, run the shell 
script, then do an iptables-save; that should save the rules to 
/etc/sysconfig/iptables

Jon L.

On 08/07/2010 11:33 PM, William Langford wrote:
> Currently it's a slackware box with a custom rc.foo.
>
> I could make a script to create the iptables file but that seems a tad kludgey...
>
> I don't mind it as a last resort tho.
>
> Sent from my iPhone
>
> On Aug 7, 2010, at 10:15 PM, Rob Townley<rob.townley at gmail.com>  wrote:
>
>> On Sat, Aug 7, 2010 at 8:48 PM, Will Langford<unfies at gmail.com>  wrote:
>>> i've not done much with a gateway / router type system under centos that
>>> needs to handle a half dozen ip's and interfaces.  stand alone on the
>>> internet sure (think simple web server or home server)... but nothing that
>>> acts as the beach head for a network of hundreds of machines...
>>>
>>> i tried for 10min to google this answer but was getting sick and tired of
>>> reading unrelated pages... anyone care to point me in the right direction ?
>>>
>>> i'm migrating this from a shell script and would like to possibly get it set
>>> up entirely from /etc/sysconfig/iptables ?
>>>
>>> is it possible to do bash style variable assignment in this file ?
>>>
>>> in the shell script, i have interfaces and ip addresses assigned to
>>> variables and then those variables used throughout the 7 page script.  i'd
>>> really prefer to keep using variables in sysconfig/iptables as well...
>>>
>>> -will
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>
>> So if you have a bash script that generates the
>> /etc/sysconfig/iptables file like
>> http://www.adamhaeder.com/sample_firewall.html,
>> then why are variables needed in iptables itself?
>>
>> Now, that i look at this again, i don't see a COMMIT at
>> the end.
>>
>> Anything touching this file will probably sound off all kinds of
>> silent selinux alarm bells,
>> remember the capital Z in ls -Z to get selinux labels and sestatus.


-- 
Jon H. Larsen  - relayer -at- levania -dot- org
Blog - http://www.levania.org/~relayer/
VP of Community Development, Omaha Linux Users Group - http://www.olug.org/
AnimeSunday.org - http://www.animesunday.org/
GPG/PGP Pubkey - http://www.levania.org/~relayer/relayerpubkey.txt
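
The approach discussed in this thread, keeping the variables in a shell script and having it write a literal rules file in which every table ends with COMMIT, as an added example that is not part of the original messages or of Adam's script. The interface names, addresses and rules are constructed sample values, and `render_rules` and `check_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: render an iptables-restore rules file from shell variables.
# All interface names and addresses are constructed sample values.
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.10.0/24"
ADMIN_IP="192.168.10.5"

# Emit rules in the format iptables-save writes and iptables-restore reads.
# The shell expands the variables, so the file holds only literal values.
render_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -s ${ADMIN_IP} -p tcp --dport 22 -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ${WAN_IF} -s ${LAN_NET} -j MASQUERADE
COMMIT
EOF
}

# Read a rules file on stdin. Succeed only if every "*table" section is
# closed by its own COMMIT and no unexpanded "$" reached the output.
check_rules() {
    awk '
        /\$/       { bad = 1 }
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { exit (bad || in_table || tables == 0) ? 1 : 0 }
    '
}

# Typical use (as root): render to a temp file, validate, then install.
# render_rules > /tmp/iptables.new && check_rules < /tmp/iptables.new \
#   && iptables-restore --test < /tmp/iptables.new \
#   && mv /tmp/iptables.new /etc/sysconfig/iptables
```

On an SELinux-enabled system, `ls -Z /etc/sysconfig/iptables` after the move shows whether the file kept its expected label, as noted in the quoted reply.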


