Bug 175947
Summary: | /etc/init.d/iptables should read two rules files
---|---
Product: | [Fedora] Fedora
Component: | iptables
Version: | rawhide
Hardware: | All
OS: | Linux
Status: | CLOSED NOTABUG
Severity: | medium
Priority: | medium
Reporter: | Chris Lumens <clumens>
Assignee: | Thomas Woerner <twoerner>
QA Contact: | Ben Levenson <benl>
CC: | maxim.britov
Keywords: | FutureFeature
Doc Type: | Enhancement
Last Closed: | 2006-01-27 14:04:40 UTC
Bug Blocks: | 138143, 177950

Description
Chris Lumens
2005-12-16 17:04:54 UTC
In my opinion it is not a good idea to use more than one config file for iptables, because there can be strange combinations this way that would be very difficult to detect or explain to users. system-config-securitylevel should get enhanced to be able to parse existing /etc/sysconfig/iptables files.

I use a simple script for iptables, and several files like init.d/ 10-raw 20-nat 30-input ... and use a file for sed substitution like: s/$extif/eth0/

Script:

```sh
#!/bin/ash
ipt_home=/etc/ipt-script
# Start from an empty output file
rm -f "$ipt_home/ipt-final"
touch "$ipt_home/ipt-final"
# Run each numbered fragment (10-raw, 20-nat, ...) through the sed substitutions, in sorted order
for table_file in `find $ipt_home -regex ".*[0-9][0-9].*$"|sort` ; do
    sed -f "$ipt_home/ipt-sed" "$table_file" >>"$ipt_home/ipt-final"
done
# Load the combined ruleset
cat "$ipt_home/ipt-final" | /sbin/iptables-restore
```

This is no iptables problem. Closing as "NOT A BUG".
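
A more defensive take on the fragment-assembly approach from the comments above, added here as an example (not code from the bug report or the iptables package): the merged ruleset is built in a temporary file, rejected if any `$placeholder` survives the sed pass, and parsed with `iptables-restore --test` before it is loaded. The function names and the sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fragment naming (NN-name) and the sed substitution file follow
# the comment above; function names and sample data are made up here.

# build_ruleset DIR SEDFILE OUT
# Concatenate DIR/NN-* in sorted order through sed into OUT.
# Returns 1, leaving OUT untouched, if a $placeholder survives substitution.
build_ruleset() {
    dir=$1; sedfile=$2; out=$3
    tmp=$(mktemp "$out.XXXXXX") || return 2
    for f in "$dir"/[0-9][0-9]*; do          # shell globs expand in sorted order
        [ -f "$f" ] || continue
        sed -f "$sedfile" "$f" >>"$tmp" || { rm -f "$tmp"; return 2; }
    done
    # A "$name" outside a comment means the sed file missed a variable.
    if grep -n '^[^#]*\$[A-Za-z_]' "$tmp" >&2; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$out"                          # same directory, so the rename is atomic
}

# apply_ruleset FILE: parse-only pass first, load only if it succeeds (needs root).
apply_ruleset() {
    /sbin/iptables-restore --test <"$1" && /sbin/iptables-restore <"$1"
}

# make_sample DIR: constructed fragments for trying build_ruleset without root.
make_sample() {
    mkdir -p "$1/frag"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o $extif -j MASQUERADE' 'COMMIT' >"$1/frag/20-nat"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' '# $intif is the LAN side' \
        '-A INPUT -i $intif -j ACCEPT' 'COMMIT' >"$1/frag/30-input"
    printf '%s\n' 's/$extif/eth0/' 's/$intif/eth1/' >"$1/sed-ok"
    printf '%s\n' 's/$extif/eth0/' >"$1/sed-missing"
}
```

With the constructed `sed-missing` file, `build_ruleset` prints the offending line of the merged ruleset to stderr and returns 1 instead of passing an interface literally named `$intif` on to `iptables-restore`.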