IPtable rules get flushed while network configuation changes using Yast

Hi,

I have some custom IPTABLE rule inserted while system boot. When i change IP(from DHCP to static or static to static), YAST flushes my iptables rules.

Is there any setting to keep iptables rules as it is ?

Rakesh

You can add your rules to the custom iptables rules file which is
mentioned in the /etc/syscontig/SuSEfirewall2 file (search for ‘custom’ I
think) which should then apply those changes whenever the firewall changes
state.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

It’s been well known since “forever” that YAST will almost always wipe out any custom configuration changes you make manually to IPTABLES files.

Solutions:

  • Enter your configurations entirely using the YAST SUSE FW applet.
  • Don’t use YAST SUSE FW at all. After all, it’s just one available tool for manage iptables. There are alternatives even in the OSS. Or, just make your changes and stop/start/restart iptables manually.

TSU

Is there any yast configuration that can maintain iptables rules as it is?

Rakesh

QUOTE=tsu2;2713093]It’s been well known since “forever” that YAST will almost always wipe out any custom configuration changes you make manually to IPTABLES files.

Solutions:

  • Enter your configurations entirely using the YAST SUSE FW applet.
  • Don’t use YAST SUSE FW at all. After all, it’s just one available tool for manage iptables. There are alternatives even in the OSS. Or, just make your changes and stop/start/restart iptables manually.

TSU[/QUOTE]

If they were created outside of YAST originally, there is no guarantee that those configurations would be preserved.
Depending on what kind of changes, maybe they can opened separately and copied/written into the YAST applet?

TSU

On 6/1/2015 2:06 PM, tsu2 wrote:
>
> raxpatel;2713118 Wrote:
>> Is there any yast configuration that can maintain iptables rules as it
>> is?
>>
>> Rakesh
>>
>>> tsu2;2713093 Wrote:
>>> It’s been well known since “forever” that YAST will almost always wipe
>>> out any custom configuration changes you make manually to IPTABLES
>>> files.
>>>
>>> Solutions:
>>> - Enter your configurations entirely using the YAST SUSE FW applet.
>>> - Don’t use YAST SUSE FW at all. After all, it’s just one available tool
>>> for manage iptables. There are alternatives even in the OSS. Or, just
>>> make your changes and stop/start/restart iptables manually.
>>>
>>> TSU> >
>
> If they were created outside of YAST originally, there is no guarantee
> that those configurations would be preserved.
> Depending on what kind of changes, maybe they can opened separately and
> copied/written into the YAST applet?
>
> TSU
>
>
raxpatel;

SuSEfirewall2 regenerates the IP tables according to the rules in /etc/sysconfig/SuSEfirewall2. These rules are
ordinarily created by YaST2. There are provisions for custom rules. Place your custom rules in the file
/etc/sysconfig/scripts/SuSEfirewall2-custom. The only documentation for this feature are in the comments found in
that file. You should make a copy of that file before you edit it.

The actual name of the custom rules folder is configurable and may be set with YaST2 > System > /etc/sysconfig Editor.
(Network > Firewall > SuSEfirewall2 > FW_CUSTOMRULES).

Note: I noticed that the contents of FW_CUSTOMRULES on 13.2 is now blank, so you may need to set that value even if you
use /etc/sysconfig/scripts/SuSEfirewall2-custom; at one time it defaulted to that value and may still, I’ve not had
reason to check this.

P.V.
“We’re all in this together, I’m pulling for you” Red Green

On 6/2/2015 12:03 AM, PV wrote:
> On 6/1/2015 2:06 PM, tsu2 wrote:
>>
>> raxpatel;2713118 Wrote:
>>> Is there any yast configuration that can maintain iptables rules as it
>>> is?
>>>
>>> Rakesh
>>>
>>>> tsu2;2713093 Wrote:
>>>> It’s been well known since “forever” that YAST will almost always wipe
>>>> out any custom configuration changes you make manually to IPTABLES
>>>> files.
>>>>
>>>> Solutions:
>>>> - Enter your configurations entirely using the YAST SUSE FW applet.
>>>> - Don’t use YAST SUSE FW at all. After all, it’s just one available tool
>>>> for manage iptables. There are alternatives even in the OSS. Or, just
>>>> make your changes and stop/start/restart iptables manually.
>>>>
>>>> TSU> >
>>
>> If they were created outside of YAST originally, there is no guarantee
>> that those configurations would be preserved.
>> Depending on what kind of changes, maybe they can opened separately and
>> copied/written into the YAST applet?
>>
>> TSU
>>
>>
> raxpatel;
>
> SuSEfirewall2 regenerates the IP tables according to the rules in /etc/sysconfig/SuSEfirewall2. These rules are
> ordinarily created by YaST2. There are provisions for custom rules. Place your custom rules in the file
> /etc/sysconfig/scripts/SuSEfirewall2-custom. The only documentation for this feature are in the comments found in
> that file. You should make a copy of that file before you edit it.
>
> The actual name of the custom rules folder is configurable and may be set with YaST2 > System > /etc/sysconfig Editor.
> (Network > Firewall > SuSEfirewall2 > FW_CUSTOMRULES).
>
> Note: I noticed that the contents of FW_CUSTOMRULES on 13.2 is now blank, so you may need to set that value even if you
> use /etc/sysconfig/scripts/SuSEfirewall2-custom; at one time it defaulted to that value and may still, I’ve not had
> reason to check this.
OOPS:

I see the YaST2 module for Firewall now has a tab for entering custom rules but it seems to be very general . Sorry for
the extra noise.


P.V.
“We’re all in this together, I’m pulling for you” Red Green