[12.1] iptables vs. yast-firewall

suse_paul · November 19, 2012, 1:18pm

Hi,

so far I had allowed certain ports via the yast firewall module.
now I want to block these ports for certain countries via iptables.

I assume/fear that every run of the (yast-)firewall module will overwrite my “manual” iptables settings.
Is that true?
If yes, how/where can I put my iptables-script so that it will be called after every run of the yast-firewall module?
(I use systemV!! - how would a solution differ if I used systemd?)
is there a more elegant solution?

where would I put my iptables-script for being called after boot? (systemV or systemd) or would that be solved autmomatically be the above solution?

thanx
paul

glistwan · November 19, 2012, 1:55pm

I’m bot sure if it still works the same way but you may want to look at this :
http://forums.opensuse.org/archives/sls-archives/archives-linux-tweaks/archives-tips-tricks-tweaks/381772-how-add-additional-ip-rules-suse-firewall.html#post1793293

Either way you are correct in thinking that the rules will be overwritten every time. If you use the custom rules explained above I believe this should work regardless of whether you use systemd or systemV. I have never tried this myself though.

robin_listas · November 19, 2012, 3:32pm

On 2012-11-19 13:26, suse paul wrote:
> where would I put my iptables-script for being called after boot?


/etc/sysconfig/scripts/SuSEfirewall2-custom

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))