On 07/02/2014 19:06, ab wrote:

> Rules put in place by the 'iptables' command are implemented immediately,
> but are only in memory so they are only as persistent as of right now.
> When you restart the firewall it flushes everything and builds from
> more-permanent settings in the Firewall configuration stuff stored in
> /etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
> things initially assuming there is a directive in there which meets your
> needs (create a backup of the file before tinkering in there, of course).
> Inside that file you may find something like this:
> Code:
> --------------------
> ## Type: string
> #
> # 25.)
> # Do you want to load customary rules from a file?
> #
> # This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
> # /etc/sysconfig/scripts/SuSEfirewall2-custom
> #
> #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
> --------------------
> If you set this to something and then put your iptables commands in there
> I think your firewall restarts will cause those rules to be executed and
> you'll keep your settings. I've not tried this in quite a while, so
> proceed with caution and some tinkering may be in order. Let us know how
> it goes, please.

My approach is to save custom firewall rules via "iptables-save >
/etc/iptables.local" and then add "iptables-restore -c <
/etc/iptables.local" to /etc/init.d/local so they get loaded at server

SUSE Knowledge Partner

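A boot-time loader for the iptables-save / iptables-restore approach described in the reply above, as an added example that is not part of the original post. The function names and the `--load` switch are hypothetical; the file path is the one named in the post.

```shell
#!/bin/sh
# Added example: loader for a rules file written by iptables-save.
RULES_FILE="${RULES_FILE:-/etc/iptables.local}"   # path taken from the post

# Structural check: every "*table" section must be closed by COMMIT, and
# chain/rule lines may only appear inside a section. This catches a file
# truncated by an interrupted save before it reaches the kernel.
rules_file_wellformed() {
    awk '
        /^[[:space:]]*$/ || /^#/ { next }
        /^\*/ { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT[[:space:]]*$/ { if (!in_table) bad = 1; in_table = 0; next }
        { if (!in_table) bad = 1 }
        END { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# The boot script runs as root, so a rules file that other accounts can
# write to lets them change the firewall. Require a regular file (not a
# symlink) with no group or world write bit.
rules_file_perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] &&
        [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

load_rules() {
    rules_file_perms_ok "$1" ||
        { echo "refusing $1: missing, symlink, or group/world-writable" >&2; return 1; }
    rules_file_wellformed "$1" ||
        { echo "refusing $1: unbalanced table/COMMIT sections" >&2; return 1; }
    # --test parses and constructs the ruleset without committing it.
    iptables-restore --test < "$1" || return 1
    # -c restores packet/byte counters; they are only present in the file
    # if it was written with "iptables-save -c".
    iptables-restore -c < "$1"
}

# Hypothetical switch so the file can be sourced without touching the firewall.
if [ "${1:-}" = "--load" ]; then
    load_rules "$RULES_FILE"
fi
```
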