Bug 129346 - Option to disable "save" command in iptables init.d script
Product: Fedora
Classification: Fedora
Component: iptables
All Linux
medium Severity medium
Assigned To: Thomas Woerner
Ben Levenson
: FutureFeature
Reported: 2004-08-06 14:50 EDT by Aleksandar Milivojevic
Modified: 2007-11-30 17:10 EST
Doc Type: Enhancement
Last Closed: 2004-08-09 11:03:21 EDT

Description Aleksandar Milivojevic 2004-08-06 14:50:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
This is a feature request.

It would be nice to have a configuration option to disable the "save"
command in the /etc/init.d/iptables script by using the
/etc/sysconfig/iptables-config file.  Something along the lines of:


This would be handy for experienced/advanced system administrators who
wish to build the /etc/sysconfig/iptables file by hand and not have to
worry that the file might get overwritten by the /etc/init.d/iptables
script.  Other utilities that might overwrite /etc/sysconfig/iptables
might use this configuration option too.  The IPTABLES_DISABLE_SAVE option
should override the values of the IPTABLES_SAVE_* options from iptables-config

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. /etc/init.d/iptables save

Additional info:
Comment 1 Thomas Woerner 2004-08-09 11:03:21 EDT
If you do not want to overwrite /etc/sysconfig/iptables, then do not
start service iptables save. /etc/sysconfig/iptables-config is only
useful for the iptables startup-script.

Other applications must not modify /etc/sysconfig/iptables, except of

It is not useful to define a variable in
/etc/sysconfig/iptables-config which overrides other variables in the
same file.

Closing as "NOT A BUG"
Comment 2 Aleksandar Milivojevic 2004-08-09 12:06:15 EDT
This was more along the lines of preventing a sysadmin from making a typo
(or a second sysadmin invoking iptables save or
system-config-securitylevel on a system where it shouldn't be done).
Kind of making it more failsafe.  iptables save and
system-config-securitylevel are destructive, and there's no failsafe
in case they were invoked by error/mistake/lack of communication.  I
saw a value in having it.
Comment 3 Thomas Woerner 2004-08-09 12:18:45 EDT
system iptable save does this:

save() {
        if [ -e $IPTABLES_DATA ]; then
            cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                && chmod 600 $IPTABLES_DATA.save \
                || ret=1

It is making a copy before storing new data.
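
A sketch of the guard requested in this bug combined with the backup step quoted in Comment 3. This is an added example, not code from the iptables init script or from any commenter. IPTABLES_DISABLE_SAVE is the option proposed in the report, which was never implemented; guarded_save, its arguments and the scratch files are hypothetical stand-ins.

```shell
#!/bin/sh
# Added example. guarded_save CONFIG DATA
#   CONFIG stands in for /etc/sysconfig/iptables-config (give a path with a
#          slash, so "." does not search PATH for it)
#   DATA   stands in for /etc/sysconfig/iptables
#   New rules are read from stdin (stands in for iptables-save output).
# Returns 0 when saved, 2 when saving is disabled, 1 on error.
guarded_save() {
    config=$1
    data=$2
    IPTABLES_DISABLE_SAVE=no            # default: saving allowed
    [ -f "$config" ] && . "$config"

    # Proposed behaviour: the switch wins over any IPTABLES_SAVE_* setting.
    case "$IPTABLES_DISABLE_SAVE" in
        yes|Yes|YES)
            echo "save refused: IPTABLES_DISABLE_SAVE is set in $config" >&2
            return 2 ;;
    esac

    # Stage the new rules next to the target; mktemp creates the file 0600.
    tmp=$(mktemp "$data.XXXXXX") || return 1
    if ! cat > "$tmp"; then rm -f "$tmp"; return 1; fi

    # Same backup as the quoted save(): keep the previous file as DATA.save.
    if [ -e "$data" ]; then
        cp -f "$data" "$data.save" && chmod 600 "$data.save" \
            || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$data"                # replace only after the backup exists
}

# Constructed demo in a scratch directory; no real firewall files are touched.
d=$(mktemp -d)
echo 'IPTABLES_DISABLE_SAVE=yes' > "$d/iptables-config"
echo '# hand-written rules' > "$d/iptables"
echo '# generated rules' > "$d/new"
guarded_save "$d/iptables-config" "$d/iptables" < "$d/new" || echo "exit status $?"
cat "$d/iptables"                       # still the hand-written file
rm -rf "$d"
```

The .save copy holds only the most recent previous file, so a second accidental save overwrites the backup as well; the refusal path is what protects a hand-built rule set.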
