iptables

Richard Wilson r.wilson9 at cox.net
Tue Apr 11 21:11:54 MST 2006


Michael and all,

iptables saves (not automatically) its configuration rules in a file
called "iptables".  Under Red Hat, Fedora, Aurora and Gentoo (iirc), it's
in /etc/sysconfig -- I am not familiar with other versions.

When the system startup starts iptables, it applies the rules it finds
in this file.  To update this file, you *can* edit it by hand, but the
best way is to use the iptables commands (or one of the several GUIs
that manipulate iptables) and then save the results with the command
"iptables-save > /etc/sysconfig/iptables" (a GUI *should* do this for
you...)

Thus an upgrade shouldn't mess with your rules but should preserve them
and add capabilities.  Some of the new capabilities that have shown up
include a throttling mechanism that almost makes it safe to open inbound
SSH on an Internet-facing server.  Basically you can permit X number of
login attempts from IP Y during delta time Z and then block all access
from IP Y if it fails more than X times for time period A.  X, Y, Z
and A are all values you can set.  There are other enhancements as well,
that one sticks in my mind.

HTH,

Richard Wilson
-----------------------------------------------------------------
On Tue, 2006-04-11 at 17:32 -0700, Michael wrote:
> If I were to apt-get install iptables and it were to upgrade iptables, would 
> the new install preserve my existing table? Is there any benefit to doing 
> so?  (iptables version 1.2.9)
> 
> I was just inspecting my existing table and I think that it doesn't really 
> matter if I upgrade it or not. I suppose that I'm just wondering. Or am I 
> wandering? Point to ponder :-)
> 
> If it matters I can share my ip table but I don't know if that is a good idea 
> on a public forum. 
> 
> I find it interesting, however, that Cox has been automatically added to my 
> table. The address is different though:  ip68-2-116-123.ph.ph.cox.net
> Interesting. Why does it not look like an IPv4 address?
> 

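Added example, not part of the original message: one way to express the throttling described above with the iptables `recent` match, which counts new connections to the SSH port rather than failed logins. The script, its function names, and the list and chain names (SSH_TRY, SSH_BLOCK, SSH_PENALTY) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables commands that
# throttle inbound SSH with the "recent" match.
#   X = new connections allowed per source IP within Z seconds
#   A = seconds the source stays blocked once it exceeds X
# netfilter sees connection attempts, not failed logins, so X counts new
# TCP connections to the SSH port. SSH_TRY, SSH_BLOCK and SSH_PENALTY are
# names chosen for this example.

is_pos_int() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, zero/leading zero, non-digit
    esac
    return 0
}

# Usage: ssh_throttle_rules X Z A [PORT]
ssh_throttle_rules() {
    x=$1; z=$2; a=$3; port=${4:-22}
    for v in "$x" "$z" "$a" "$port"; do
        is_pos_int "$v" || { echo "all arguments must be positive integers" >&2; return 2; }
    done
    # The recent module remembers 20 timestamps per address by default
    # (ip_pkt_list_tot), so --hitcount X+1 must not exceed 20.
    [ "$x" -le 19 ] || { echo "X must be 19 or less" >&2; return 2; }
    hit=$((x + 1))
    new="-p tcp --dport $port -m state --state NEW"
    # Order matters: blocked sources are dropped first, then each new SSH
    # connection is recorded, checked against the limit, and accepted.
    cat <<EOF
iptables -N SSH_PENALTY
iptables -A SSH_PENALTY -m recent --name SSH_BLOCK --set -j DROP
iptables -A INPUT -m recent --name SSH_BLOCK --rcheck --seconds $a -j DROP
iptables -A INPUT $new -m recent --name SSH_TRY --set
iptables -A INPUT $new -m recent --name SSH_TRY --rcheck --seconds $z --hitcount $hit -j SSH_PENALTY
iptables -A INPUT $new -j ACCEPT
EOF
}

# Print the rules when called with arguments, e.g.: sh throttle.sh 3 60 600
if [ "$#" -ge 3 ]; then
    ssh_throttle_rules "$@"
fi
```

The rules are appended, so they only take effect if no earlier INPUT rule already accepts the SSH port. After reviewing and running the printed commands, `iptables-save > /etc/sysconfig/iptables` persists them as the message describes.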