you helped me clear ideas
thanks for everything
2013/10/10 Reindl Harald <h.reindl at thelounge.net>
>
> Am 10.10.2013 16:13, schrieb Paolo De Michele:
> > sorry, but now if I modify /etc/sysconfig/iptables and I add two
strings,
> > per example:
> >
> > output omitted
> > -----
> > -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> > -A INPUT -j DROP
> > ------
> > output omitted
> >
> > and I do:
> >
> > service iptables save
> > and
> > restart my iptables firewall, output iptables -L is:
> >
> > -A INPUT -j DROP
> > -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> >
> >
> > why?
>
> *why* you you mangle around in /etc/sysconfig/iptables
> this file is written by "service iptables save"
>
> this file is *read* at iptables *startup* and written with
> the *currently* active rules with "service iptables save"
>
> man iptables
> _______________________________________
>
> #!/bin/bash
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -F
> iptables -X
> CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
> for i in $CHAINS; do iptables -t $i -F; done && echo "Flush
OK" || echo
> "Flush FAILED"
> for i in $CHAINS; do iptables -t $i -X; done && echo "Clear
OK" || echo
> "Clear FAILED"
> for i in $CHAINS; do iptables -t $i -Z; done
> iptables -A INPUT -p icmp -s 64.39.31.103 -j ACCEPT
> iptables -A INPUT -j DROP
> service iptables save
> _______________________________________
>
> BTW:
> nobody but you is using hostnames for iptables-rules because it is a pretty
> dumb idea to rely on a working name resolution in realy boot
>
>