User guide
IPTables Control Scripts
93
value of IPTABLES_STATUS_NUMERIC to no. Refer to Section 2.6.4.1, “IPTables Control Scripts
Configuration File” for more information about the iptables-config file.
• panic — Flushes all firewall rules. The policy of all configured tables is set to DROP. This option could be useful if a server is known to be compromised. Rather than physically disconnecting from the network or shutting down the system, you can use this option to stop all further network traffic but leave the machine in a state ready for analysis or other forensics.
• save — Saves firewall rules to /etc/sysconfig/iptables using iptables-save. Refer to Section 2.6.3, “Saving IPTables Rules” for more information.
Note
To use the same initscript commands to control netfilter for IPv6, substitute ip6tables for iptables in the /sbin/service commands listed in this section. For more information about IPv6 and netfilter, refer to Section 2.6.5, “IPTables and IPv6”.
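The panic option is only useful for containment if it actually left the host in the state described above: every chain policy DROP and no rules remaining. The following check is an added example, not part of the guide or of the iptables initscripts: it parses iptables-save output and reports whether that state holds. The two dumps are constructed for the example; on a live host you would feed it the real output with verify_panic_state "$(iptables-save)".

```shell
#!/bin/sh
# Added example: verify that an iptables-save dump reflects the state
# "service iptables panic" is meant to leave behind, i.e. every built-in
# chain policy is DROP and no rules survived the flush.

# Constructed dump, the shape iptables-save prints after a panic.
SAMPLE_PANIC_DUMP='# Generated by iptables-save
*filter
:INPUT DROP [12:960]
:FORWARD DROP [0:0]
:OUTPUT DROP [3:240]
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT'

# Constructed dump of a host still running its normal rule set.
SAMPLE_LIVE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# verify_panic_state DUMP_TEXT
# Returns 0 when every policy line (":CHAIN POLICY [pkts:bytes]") carries
# DROP and no rule line ("-A ...") is present, 1 otherwise. User-defined
# chains show "-" instead of a policy; they are covered by the no-rules test.
verify_panic_state() {
    printf '%s\n' "$1" | awk '
        /^:/  { if ($2 != "DROP" && $2 != "-") bad++ }  # built-in chain not DROP
        /^-A/ { bad++ }                                 # a rule survived the flush
        END   { exit bad > 0 }
    '
}

# Stand-alone demonstration on the constructed dumps.
if verify_panic_state "$SAMPLE_PANIC_DUMP"; then
    echo "panic dump: all policies DROP, no rules (contained)"
fi
if ! verify_panic_state "$SAMPLE_LIVE_DUMP"; then
    echo "live dump: firewall still permitting traffic (not contained)"
fi
```

The check deliberately fails on a non-DROP policy in any table, not just filter, because the panic target sets the policy of every configured table and a forgotten nat or mangle table would otherwise pass unnoticed.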
2.6.4.1. IPTables Control Scripts Configuration File
The behavior of the iptables initscripts is controlled by the /etc/sysconfig/iptables-config
configuration file. The following is a list of directives contained in this file:
• IPTABLES_MODULES — Specifies a space-separated list of additional iptables modules to load when a firewall is activated. These can include connection tracking and NAT helpers.
• IPTABLES_MODULES_UNLOAD — Unloads modules on restart and stop. This directive accepts the following values:
    • yes — The default value. This option must be set to achieve a correct state for a firewall restart or stop.
    • no — This option should only be set if there are problems unloading the netfilter modules.
• IPTABLES_SAVE_ON_STOP — Saves current firewall rules to /etc/sysconfig/iptables when the firewall is stopped. This directive accepts the following values:
    • yes — Saves existing rules to /etc/sysconfig/iptables when the firewall is stopped, moving the previous version to the /etc/sysconfig/iptables.save file.
    • no — The default value. Does not save existing rules when the firewall is stopped.
• IPTABLES_SAVE_ON_RESTART — Saves current firewall rules when the firewall is restarted. This directive accepts the following values:
    • yes — Saves existing rules to /etc/sysconfig/iptables when the firewall is restarted, moving the previous version to the /etc/sysconfig/iptables.save file.
    • no — The default value. Does not save existing rules when the firewall is restarted.
• IPTABLES_SAVE_COUNTER — Saves and restores all packet and byte counters in all chains and rules. This directive accepts the following values:
    • yes — Saves the counter values.
    • no — The default value. Does not save the counter values.
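Because iptables-config is sourced by the initscript as shell, a misspelled value such as "true" is silently treated as not "yes", so a directive can look enabled while having no effect. The script below is an added example, not part of the guide or of the initscripts: it reads a config file, applies the defaults listed above for the yes/no directives, and flags any value that is neither yes nor no. The sample file is constructed for the example (with IPTABLES_SAVE_ON_STOP deliberately set to an invalid value and IPTABLES_SAVE_COUNTER left unset); on a real system point lint_iptables_config at /etc/sysconfig/iptables-config.

```shell
#!/bin/sh
# Added example: lint /etc/sysconfig/iptables-config style files.
# Unset directives fall back to the defaults given in the guide; any
# effective value other than "yes" or "no" is reported as invalid.

# Constructed sample, not a real system file.
SAMPLE_CONFIG='# Load additional iptables modules (nat helpers)
IPTABLES_MODULES="ip_conntrack_ftp"
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="true"
IPTABLES_SAVE_ON_RESTART="no"
'

# Write the sample to a temporary file so the functions below can read it.
SAMPLE_FILE=$(mktemp)
printf '%s' "$SAMPLE_CONFIG" > "$SAMPLE_FILE"
trap 'rm -f "$SAMPLE_FILE"' EXIT

# config_get FILE KEY DEFAULT
# Prints the value of the last "KEY=..." assignment with surrounding quotes
# stripped (the last one wins, as it would when the file is sourced), or
# DEFAULT when KEY is never assigned. Commented-out lines are ignored.
config_get() {
    line=$(grep "^[[:space:]]*$2=" "$1" | tail -n 1)
    if [ -z "$line" ]; then
        printf '%s\n' "$3"
        return
    fi
    printf '%s\n' "$line" | sed "s/^[[:space:]]*$2=//; s/^[\"']//; s/[\"']\$//"
}

# check_yes_no FILE KEY DEFAULT
# Prints "KEY=value" and returns 0 when the effective value is yes or no;
# prints a warning on stderr and returns 1 otherwise.
check_yes_no() {
    v=$(config_get "$1" "$2" "$3")
    case "$v" in
        yes|no) printf '%s=%s\n' "$2" "$v"; return 0 ;;
        *) printf 'WARNING: %s=%s is not "yes" or "no" (treated as not "yes")\n' \
               "$2" "$v" >&2; return 1 ;;
    esac
}

# lint_iptables_config FILE
# Checks each yes/no directive with the default the guide documents.
# Returns the number of invalid directives, so 0 means the file is clean.
lint_iptables_config() {
    bad=0
    check_yes_no "$1" IPTABLES_MODULES_UNLOAD  yes || bad=$((bad + 1))
    check_yes_no "$1" IPTABLES_SAVE_ON_STOP    no  || bad=$((bad + 1))
    check_yes_no "$1" IPTABLES_SAVE_ON_RESTART no  || bad=$((bad + 1))
    check_yes_no "$1" IPTABLES_SAVE_COUNTER    no  || bad=$((bad + 1))
    return "$bad"
}

# Stand-alone demonstration on the constructed sample.
lint_iptables_config "$SAMPLE_FILE" || echo "$? directive(s) need attention" >&2
```

The lint reports only the yes/no directives; IPTABLES_MODULES is free-form and is read back with config_get for display, but its module names cannot be validated without consulting the running kernel.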