different iptables rules in config file and $ipbables -L

linderox · n00b Joined: 03 Jun 2007 Posts: 41

I have Gentoo router.there is a problem that i don't know where to find config file for my iptables, i know some places,but
all tables in this configs have no any similarity with a comand iptables -L

I found several files
/etc/init.d/iptables #run script

/etc/conf.d/iptbales # here there is a line
IPTABLES_SAVE="/var/lib/iptables/rules-save"

/var/lib/iptables/rules-save

Sadako · Posted: Fri Nov 23, 2007 10:24 am Post subject:

Simply use iptable-save rather than iptables -L to get the rules that would be used in a config file.
_________________
"You have to invite me in"

linderox · n00b Joined: 03 Jun 2007 Posts: 41

read topic more attentivly!
I know that it is easy... and i want to use this way,but how if run script doesn't use this file
I told that in rules-save rules different then now is working!
and i dont know where to find file to edit rules! Look higher!!!!

Sadako · Posted: Fri Nov 23, 2007 10:49 am Post subject:

I'm still not sure what you're problem is, so I'll try to describe how it works.

/etc/init.d/iptables is the script which starts and stops iptables (basically loads or flushes the rules).

/etc/conf.d/iptables is the file which stores certain variables used by the script in init.d, including which file to store the rules in (IPTABLES_SAVE).

This is what I think you are failing to grasp; all the configuaration files in /etc/conf.d are automatically sourced by the corresponding scripts in /etc/init.d.

The best way to manipulate this is to add or remove the rules you want manually, via `iptables -A` or whatever, and then running `/etc/init.d/iptables save` will save them to the IPTABLES_SAVE file for you.

You can of course edit the IPTABLES_SAVE file manually too.
_________________
"You have to invite me in"

Dagger · Retired Dev Joined: 11 Jun 2003 Posts: 765 Location: UK

from what I can see there you have 2 different sets of rules. One was created my /etc/ini.d/iptables save and it's located in /var/lib/iptables/rules-save (and it is NOT in use now) and the other one had to be added manually or initiated by external script (which IS loaded - you can see it with iptables -L).

I would check rc-update show to check what is starting automatically and check /etc/conf.d/local.start

btw
using !!! and rude answers are not the best way to treat people who are trying to help you...
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license.

linderox · n00b Joined: 03 Jun 2007 Posts: 41

I know that there are 2 ways to add rule.
But when system starting after restarting they taking rules from some other place and i want to know from which, cause when i'm editing IPTABLES_SAVE it doesn't work aftrer reboot!

there are no anything inside /etc/conf.d/local.start and local.stop

Dagger · Retired Dev Joined: 11 Jun 2003 Posts: 765 Location: UK

please post your rc-update show
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license.

linderox · n00b Joined: 03 Jun 2007 Posts: 41

Thank you for everybody! The place was there:
/etc/runlevels/default/fwsetup
There is a link to a firewall script!