[ale] rc.local

Bob Toxen transam at verysecurelinux.com
Wed May 31 17:26:37 EDT 2006


On Wed, May 31, 2006 at 10:06:31AM -0400, Geoffrey wrote:
> Terry Bailey wrote:
> > Thanks, guys, that really fixed things.  Do you know if 
> > "/etc/sysconfig/iptables" and "service iptables save" work on SUSE 10?  If 
> > so, I plan to remove Fedora and reinstall SUSE.

> To my knowledge, the application service does not exist on SuSE.

It's hardly an application.  The /etc/rc.d/rc3.d/S##iptables script
just scans the /etc/sysconfig/iptables file and, for rules, puts
the text "/sbin/iptables " in front of it and executes.  S##iptables's
"save" feature just does "iptables -n -L" and parses into the /sbin/iptables
format.

You are FAR better off just creating your shell script containing your
iptables rules.

Btw, SuSE has firewall2 (maybe firewall3 or 4 by now) that is a real
wrapper for IP Tables.  I'm not impressed with it either because the
rules it builds are so convoluted that it is impossible to know what
really is allowed.  Build your own rules or copy them out of your copy of
"Real World Linux Security".

> -- 
> Until later, Geoffrey

> Any society that would give up a little liberty to gain a little
> security will deserve neither and lose both.  - Benjamin Franklin

We sure need Ben's wisdom now!

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
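
Added example, not part of the original message and not taken from the book it mentions: one shape a hand-written iptables rules script could take, with a dry-run switch so the exact commands can be read before they are applied. The policy (default-deny inbound, SSH allowed) and the names `IPT`, `SSH_PORT` and `apply_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): a hand-maintained iptables rules script.
# Assumed policy: deny inbound by default; allow loopback, replies, SSH.

IPT="${IPT:-/sbin/iptables}"   # preview only with: IPT="echo iptables"
SSH_PORT="${SSH_PORT:-22}"     # assumed admin port

# Apply the ruleset in order. Return non-zero at the first command that
# fails, so a broken rule is noticed instead of leaving a partial set.
apply_rules() {
    # Default policies first, so nothing is open while rules load.
    $IPT -P INPUT DROP || return 1
    $IPT -P FORWARD DROP || return 1
    $IPT -P OUTPUT ACCEPT || return 1

    # Clean slate: flush existing rules, delete user-defined chains.
    $IPT -F || return 1
    $IPT -X || return 1

    # Local traffic, then replies to connections this host opened.
    $IPT -A INPUT -i lo -j ACCEPT || return 1
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1

    # The one inbound service allowed in this example.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT || return 1

    # Log (rate-limited) whatever is about to hit the DROP policy.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop:" || return 1
}

# Only touch the firewall when asked to: "sh thisfile apply".
if [ "${1:-}" = "apply" ]; then
    apply_rules || { echo "firewall: rule load failed" >&2; exit 1; }
fi
```

Every rule is one readable line in evaluation order, which makes it easy to see what is actually allowed. Run with the argument `apply` (for example from rc.local) to load the rules.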


