How to add an iptable policy manually?

vistac · August 22, 2012, 11:04am

Hi,
I enabled a PPTP VPN on my SLES 11.1, and I want to add a iptables policy like below:
iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
I don’t know how to add this kind of forward policy in yast2/yast firewall tool,
so I just add it in rc.local. now I found every few seconds later, this policy will gone,
I don’t know what application remove it, so my solution is use screen to run this command
“watch -n 5 iptables -I FORWARD -s 172.17.1.0/24 -j ACCEPT”.
seems this is a stupid solution, does any one know how to solve this issue? please help me.
thanks.

system · August 22, 2012, 4:20pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On a normal setup the firewall is definitely not changed every few
seconds, but if you are loading Yast and doing other things with the
firewall, or if you are restarting the firewall service, or anything
like that then those operations will refresh the firewall per Yast’s
configuration.

Since you seem to know what you’re doing, check out
/etc/sysconfig/SuSEfirewall2 and see if one of the directives in there
can accept, in some form, your rule. A lot of common options, which are
not available in the Yast UI afaik, are available in that file and, if
set, they will be executed whenever the system changes the Firewall on
its own which means your rule should stay persistent, even across reboots.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQNNyAAAoJEF+XTK08PnB55lEP/RDyznxx2Wg1Y4ud4Ewn8BBj
DfGvuJUykq/CvQSuEQ6ULb70XhUpxXq0Ns/yRxkzcRYq+vUHQCGPbh2Ch1D5skHo
em+p2XZKla2I7HnOYbCn/AeVPSXTDxW1fXTn05IvzJ5vaEMMXgqw/CGSkJIDxaul
u1MPHYlgtX6J4A3VnD1rU4SLQRbVXyFp6r89o1EDgxeBmyBPz3dD0Zi2U0vS55Ap
PhEH1QmUlQCwiGxC7F+TFREKIPi/kji0w6aomFcMXOTh0clxvRaSj5qv/AUiP49k
Quqdf1DtnEkx0qe8dIC6Kx5yoTpG0sJIT/QEAG/ZrvVzMx6xE8hfx0jcm25VvG/T
7nmRxxNirl1G3oBv7uQhj1mO7ij+msWqz6FvVZDs6wqNwLfKJMvKdFV2BfiDD02I
crHB9FJuuiq02DWxAmygb+pTKT9LVNRxBeCQ1T/Ff6lUXKNt8n5BOO6hQzfOrlsU
MTUDTVRge9kAZE1bpExWdEYRZdhqyNcCDodjDOhg/9hLeg91nefPCZWNSpGWhzqd
im2OR52p7tfxewh1EjEbrhz27L9/RFs4bwrSNZgs5NaKT1BVW1BtXYGMUd0jXuY1
VY2OWd/+GQmDGhcKWBd7dfVohe6y5zxUUlGw6bA3OsvEhVRUpLjT4USTnj+nhvgT
xKPeudnQCbhU1OJL32Xw
=RCVa
-----END PGP SIGNATURE-----

Simeonof · September 17, 2012, 12:57pm

You may also try to use FW Builder instead of SuSEfirewall. Works like a charm: http://www.fwbuilder.org/ .

Topic		Replies	Views
SLES15 Iptable rule SLES Networking	2	1005	November 8, 2020
make ip route and ip rule permanent on SLES15 SP1 SLES Networking	1	2554	November 27, 2019
SLES15 Default Iptable rule causing issue SLES Networking	6	630	November 27, 2020
Cannot enable IPSec in Yast firewall configuration SLES Networking	1	220	July 19, 2012
iptable rules SLES Networking	4	217	April 12, 2015

How to add an iptable policy manually?

Related Topics