Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however… is there an iptables-save equivalent in SuSEfirewall2?
Just to be sure you understand, SuSEfirewall2 uses NetFilter, which is the
exact same technology that iptables uses. They are one and the same; the
only difference is that iptables does not do anything persistently (which
is good considering what it is) and SuSEfirewall2 is all about keeping
things the same across reboots (which is good considering what it is) but
in the end they are the same. As you make changes to your firewall in
YaST you will see those changes reflected as you run your iptables or
iptables-save commands.
So how do you make changes now as well as keep them persistent? Make them
now with iptables, and make them persistent by modifying the appropriate
SuSEfirewall2 config script. You could also write your own scripts to
manage the firewall (NetFilter) and disable SuSEfirewall2 completely if
you desired and that can be really useful for those wanting a lot of
customization power. I did this once and on a shutdown the current rules
are written out and then on startup they are read back in so setting
something dynamically leads to its persistence as long as the system shuts
down properly.
Good luck.
On 09/15/2010 09:06 AM, mgargiullo wrote:
>
> I’m looking for a programmatic way to run the equivalent of the below
> statement using SuSEfirewall2 and make it persistent:
>
> iptables -t nat -A PREROUTING -s 192.168.1.4/32 -p udp --dport 514 -j
> REDIRECT --to-ports 51414
>
> Yes I know I can add it to FW_REDIRECT in the config, but I really need
> to handle this on the CLI at run time (which the above statement does
> do), however… is there an iptables-save equivalent in SuSEfirewall2?
>
>
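The save-on-shutdown, restore-on-startup approach described in the reply above, as an added example that is not code from the thread or from SuSEfirewall2. The rules file path, the function names and the `save`/`restore` arguments are assumptions; the script covers the unclean-shutdown case by refusing to keep or load a truncated dump.

```shell
#!/bin/sh
# Added example, not from the thread. Saves the live NetFilter rules at
# shutdown and reloads them at boot. RULES_FILE and the function names are
# assumptions; call "save" from a shutdown script and "restore" at boot.
RULES_FILE="${RULES_FILE:-/var/lib/iptables/rules.save}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# iptables-save closes every "*table" section with COMMIT, so a dump cut
# short by a crash or a full disk has fewer COMMIT lines than tables.
dump_is_complete() {
    [ -s "$1" ] || return 1
    _tables=$(grep -c '^\*' "$1" || true)
    _commits=$(grep -c '^COMMIT$' "$1" || true)
    [ "$_tables" -gt 0 ] && [ "$_tables" -eq "$_commits" ]
}

# Dump to a private temp file and rename it into place only when the dump
# is complete, so a failed save never destroys the last good rule set.
save_rules() {
    _tmp=$(mktemp "${RULES_FILE}.XXXXXX") || return 1
    if "$IPT_SAVE" > "$_tmp" && dump_is_complete "$_tmp"; then
        mv -f "$_tmp" "$RULES_FILE"
    else
        rm -f "$_tmp"
        echo "save_rules: dump failed or incomplete, old file kept" >&2
        return 1
    fi
}

# Load the saved rules, but only after the file passes the completeness
# check and a parse-only run (--test builds the rule set without committing).
restore_rules() {
    [ -r "$RULES_FILE" ] || return 0     # nothing saved yet
    dump_is_complete "$RULES_FILE" || return 1
    "$IPT_RESTORE" --test < "$RULES_FILE" || return 1
    "$IPT_RESTORE" < "$RULES_FILE"
}

case "${1:-}" in
    save)    save_rules ;;
    restore) restore_rules ;;
esac
```

Rules added at run time, such as the REDIRECT rule in the question, are picked up by the next `save` and survive a reboot only if that save completed.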
We’ll probably go that route. It’s going to be a completely unmanned and implement these redirects based on rules. We had thought about just using iptables-save/restore, but was hoping to use the built-in tools… no worries.
On 09/16/2010 11:36 AM, mgargiullo wrote:
>
> We’ll probably go that route. It’s going to be a completely unmanned and
> implement these redirects based on rules. We had thought about just
> using iptables-save/restore, but was hoping to use the built-in tools…
> no worries.
>
> Thanks Aaron.
>
>