On 07/02/2014 19:06, ab wrote:

> Rules put in place by the 'iptables' command are implemented immediately,
> but are only in memory so they are only as persistent as of right now.
> When you restart the firewall it flushes everything and builds from
> more-permanent settings in the Firewall configuration stuff stored in
> /etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
> things initially assuming there is a directive in there which meets your
> needs (create a backup of the file before tinkering in there, of course).
>
> Inside that file you may find something like this:
>
> Code:
> --------------------
> ## Type: string
> #
> # 25.)
> # Do you want to load customary rules from a file?
> #
> # This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
> # READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
> #
> #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
> FW_CUSTOMRULES=""
> --------------------
>
> If you set this to something and then put your iptables commands in there
> I think your firewall restarts will cause those rules to be executed and
> you'll keep your settings. I've not tried this in quite a while, so
> proceed with caution and some tinkering may be in order. Let us know how
> it goes, please.


My approach is to save custom firewall rules via "iptables-save >
/etc/iptables.local" and then add "iptables-restore -c <
/etc/iptables.local" to /etc/init.d/local so they get loaded at server
startup.

HTH.
--
Simon
SUSE Knowledge Partner

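The following is an added example, not code from either poster: it guards the boot-time `iptables-restore -c` step described above by checking that the saved file is a complete dump and is not group- or world-writable before loading it. The function names and the sample ruleset are constructed for illustration; `/etc/iptables.local` is the path from the post.

```shell
#!/bin/sh
# Added example: sanity-check a saved ruleset before restoring it at boot.
RULES_FILE="${RULES_FILE:-/etc/iptables.local}"   # path taken from the post

# Constructed iptables-save style dump, used only as sample input.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Succeed only if the file has at least one "*table" section and every
# section is closed by COMMIT; a truncated or empty dump fails.
rules_file_complete() {
    [ -s "$1" ] || return 1
    awk '
        /^[*]/      { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT$/  { if (!open) bad = 1; open = 0; next }
        END         { exit ((bad || open || tables == 0) ? 1 : 0) }
    ' "$1"
}

# Succeed only if the file exists and is neither group- nor world-writable,
# since root loads its contents as firewall policy at startup.
rules_file_private() {
    [ -f "$1" ] &&
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Run both checks, let iptables-restore parse the file without committing
# (--test), then load it with counters (-c) as in the post.
restore_saved_rules() {
    rules_file_complete "$1" || { echo "incomplete ruleset: $1" >&2; return 1; }
    rules_file_private "$1"  || { echo "unsafe permissions: $1" >&2; return 1; }
    iptables-restore --test < "$1" || return 1
    iptables-restore -c < "$1"
}

# At startup, as root:  restore_saved_rules "$RULES_FILE"
```

If a check fails, the function returns non-zero without touching the running ruleset, so the startup script can log the failure and leave the distribution firewall's rules in place.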