I enabled a PPTP VPN on my SLES 11.1, and I want to add an iptables policy like the one below:
iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
I don’t know how to add this kind of forward policy in the yast2/yast firewall tool,
so I just added it in rc.local. Now I have found that every few seconds this policy is gone.
I don’t know what application removes it, so my solution is to use screen to run this command:
“watch -n 5 iptables -I FORWARD -s 172.17.1.0/24 -j ACCEPT”.
This seems like a stupid solution. Does anyone know how to solve this issue? Please help me.
On a normal setup the firewall is definitely not changed every few
seconds, but if you are loading Yast and doing other things with the
firewall, or if you are restarting the firewall service, or anything
like that then those operations will refresh the firewall per Yast’s
Since you seem to know what you’re doing, check out
/etc/sysconfig/SuSEfirewall2 and see if one of the directives in there
can accept, in some form, your rule. A lot of common options, which are
not available in the Yast UI afaik, are available in that file and, if
set, they will be executed whenever the system changes the Firewall on
its own which means your rule should stay persistent, even across reboots.
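One way to check whether a forward rule is covered by /etc/sysconfig/SuSEfirewall2 rather than only living in the running iptables table, as an added example that is not part of the thread. FW_ROUTE and FW_FORWARD are SuSEfirewall2 variables, but that they are the directives fitting this rule is an assumption; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. FW_ROUTE and FW_FORWARD are SuSEfirewall2
# sysconfig variables; that they fit the poster's rule is an assumption.

# fw_get FILE VAR: print VAR as the sysconfig file sets it. The file is shell
# syntax, so source it in a subshell to keep its variables out of this script.
fw_get() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2:-}\"" )
}

# fw_forward_persistent FILE SRCNET: succeed if the file enables routing and
# has a FW_FORWARD entry ("source,destination[,proto[,port]]") for SRCNET.
fw_forward_persistent() {
    if [ "$(fw_get "$1" FW_ROUTE)" != "yes" ]; then
        echo "FW_ROUTE is not \"yes\": nothing is forwarded"
        return 1
    fi
    for entry in $(fw_get "$1" FW_FORWARD); do
        case $entry in
            "$2",*)
                dst=${entry#*,}
                echo "persistent: $2 -> ${dst%%,*}"
                return 0 ;;
        esac
    done
    echo "no FW_FORWARD entry with source $2"
    return 1
}

# Constructed sample file standing in for /etc/sysconfig/SuSEfirewall2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_ROUTE="yes"
FW_FORWARD="192.168.1.0/24,0/0"
EOF

fw_forward_persistent "$sample" 192.168.1.0/24 || true   # rule survives reloads
fw_forward_persistent "$sample" 172.17.1.0/24 || true    # only lives in iptables
rm -f "$sample"
```

The destination field printed by the check is worth reading: an entry ending in `0/0` forwards the VPN subnet everywhere, and FW_FORWARD lets the destination, protocol and port be narrowed.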
You may also try to use FW Builder instead of SuSEfirewall. Works like a charm: http://www.fwbuilder.org/ .