How to make iptables rules permanent?

Hi there,

I set up a squid transparent proxy and I have a problem with an iptables rule. I have a rule to redirect all requests to port 80 to port 3128.

To do so, I’m using this iptables command:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This command is working like a charm. The only problem is, for some unknown reason, this rule will be dropped at some point.

I did not manage to identify what is causing this to happen. It usually occurs at night, but I have nothing about that in my log files (messages / firewall / …).

The only way I managed to reproduce this ‘dropping’ is this one:

I type the command as root. The command is effective and working fine.

I open yast, I go to the firewall module, then I do a simple “save changes and restart firewall” (without changing anything).

As soon as this process is finished, the iptables rule is gone.

So the question is:

- How can I make this rule permanent?
- Is there a place where I can launch a script executing this rule after the yast firewall module is ‘touched’ or something?

Thanks a lot in advance for your answers and sorry for my English :wink:

Cheers,
licks0re

Read /etc/sysconfig/SuSEfirewall2, especially on REDIRECT rules and use SuSEfirewall2 itself for that task.

You must understand that iptables rules are only stored temporarily in the running kernel and disappear when the OS is shutdown. Any rules you want to be activated at boot must be specified in the initialisation. When you restart the firewall service, it flushes all the rules in the kernel and reloads the ones in the initialisation script, which will not have your rule. Therefore you should add your rule to the standard set rather than insert a rule manually and expect it to persist.

You can edit the firewall rules using YaST. If that does not cater for your needs, you can edit /etc/sysconfig/SuSEfirewall2. It is well commented. After editing, restart the firewall from YaST.

PS: The firewall rules probably got flushed and reloaded when your network interface address changed, e.g. you are using DSL. There are other situations where this reload happens. It doesn’t cause a problem if your rule is added to the configuration.
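Since the rule vanished overnight with nothing in the logs, a periodic check that compares the running nat table against the expected REDIRECT rule gives a timestamped record of when a reload flushed it. This is an added example, not code from the thread; the interface name, ports and sample iptables-save output are taken from or constructed around the post (iptables-save prints `--to-port` as `--to-ports`).

```shell
#!/bin/sh
# Added example: detect whether the squid REDIRECT rule from the thread is
# still loaded in the nat table. Intended to run from cron; check_live needs
# root because it reads the live rule set with iptables-save.

# The rule as iptables-save prints it (note "--to-ports" and the implicit
# "-m tcp" that iptables adds for --dport).
EXPECTED='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# rule_present <iptables-save text>: returns 0 if EXPECTED appears as a full line.
rule_present() {
    printf '%s\n' "$1" | grep -Fxq -- "$EXPECTED"
}

# check_live: snapshot the running nat table and log the result via syslog,
# so the next nightly disappearance leaves a trace in the log files.
check_live() {
    if rule_present "$(iptables-save -t nat)"; then
        logger -t squid-redirect-check "REDIRECT 80->3128 present"
    else
        logger -t squid-redirect-check "REDIRECT 80->3128 MISSING (firewall reloaded?)"
        return 1
    fi
}

# Constructed sample output for an offline self-test (not captured from a real host).
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'
SAMPLE_FLUSHED='*nat
:PREROUTING ACCEPT [0:0]
COMMIT'

# Offline self-test: the rule is found in the first sample and absent after a flush.
rule_present "$SAMPLE_OK" && ! rule_present "$SAMPLE_FLUSHED" && echo "self-test ok"
```

On the real host, run `check_live` from a cron entry and look for the MISSING line in syslog; once the rule lives in /etc/sysconfig/SuSEfirewall2 it should never appear.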

Of course. To be honest, I’ve been ‘browsing’ a lot of files, but not this one. I wasn’t aware this was the one to edit. Anyway, I found the redirection section, set my rule there and… it works. Thank you for the tips!

Indeed, that was the file to look into. This is done and the rule is now working, thanks also for your suggestion. I understood the rule was loaded into memory, then flushed somehow. I was thinking there was some kind of place to put a script to read custom iptables rules after the firewall is launched or something, but… yeah, that was pretty… an ugly thing to do. I’m using a fixed IP, I really have no clue about what was happening, but I don’t need to know now.

A BIG thank you to both of you for your precious suggestions and very prompt replies. :wink:

Cheers,
licks0re