I am quite new to SUSE and I would like to change one rule in iptables; however, I am not able to understand where the file is that contains the iptables rules which SUSE uses to configure iptables when booting.
I looked into /etc/sysconfig/SuSEfirewall2 but all the variables there have empty values and my iptables are not empty when I boot. Does anybody know?
SuSEfirewall2 is basically a way to configure the system’s firewall
(NetFilter) in a way that is more intuitive than hacking iptables commands
directly, so while at the end of the day you have the same firewall setup,
there is not normally any file that has iptables commands within.
While you’ve asked an interesting technical question, I would recommend
that you include, in the future, the business case behind the technical
case, such as “I want to allow SSH traffic to this box for remote access
or file copying or something,” so that we can try to help you with that
in addition to providing the information above.
With all of that written, you can create a file of custom iptables
commands to extend what is set up by SuSEfirewall2 via this directive in
the file you mentioned:
## Type: string
#
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
As the notes indicate, I would strongly recommend pursuing other options
first, as it is likely you can do what you want without resorting to
custom commands, which means the system may be more easily configured, or
reconfigured, via YaST or other tools maintaining your command as desired.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
Thanks! Your answer fixed my problem; however, I am still curious to understand where SUSE saves the iptables config. It must be in a file or database which it queries when booting in order to write the rules I see. Do you know where it is saved?
The file you found has the configuration, but as you can see it is not
merely a set of iptables commands. As you are probably aware based on
your question, you can get the current iptables settings using the
following commands:
/usr/sbin/iptables -nvL
/usr/sbin/iptables-save
To configure the firewall otherwise, use YaST, either from a GUI, in
ncurses (terminal) mode, or using the command line options to
add/remove/configure services/zones/etc.
yast firewall
Make a change in there, and then look at the /etc/sysconfig/SuSEfirewall2
file and notice the changes; they should all be in there.
–
Good luck.
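Added example, not part of the original thread: a small shell helper that lists the uncommented FW_* settings in a SuSEfirewall2 sysconfig file and shows which ones differ between two copies, for instance copies taken before and after a change made with yast firewall. The function names, the sample file contents and the values (eth0, 22) are constructed for illustration; FW_DEV_EXT and FW_SERVICES_EXT_TCP are assumed to be present in the file, as they are in a stock SuSEfirewall2 configuration.

```shell
#!/bin/sh
# Added example: inspect the active FW_* settings in a SuSEfirewall2 sysconfig file.

# Print NAME=VALUE for each uncommented FW_* assignment in file $1.
# If $2 is "nonempty", variables set to "" are skipped.
fw_settings() {
    awk -v mode="${2:-all}" '
        /^[ \t]*FW_[A-Z0-9_]+=/ {
            line = $0; sub(/^[ \t]*/, "", line)
            name = line; sub(/=.*/, "", name)
            val = line; sub(/^[^=]*=/, "", val)
            q = substr(val, 1, 1)   # strip one pair of surrounding quotes
            if ((q == "\"" || q == "\047") && length(val) > 1 && substr(val, length(val)) == q)
                val = substr(val, 2, length(val) - 2)
            if (mode == "nonempty" && val == "") next
            print name "=" val
        }' "$1"
}

# Print "-NAME=old" / "+NAME=new" for settings that differ between two copies.
fw_changed() {
    _old=$(mktemp); _new=$(mktemp)
    fw_settings "$1" | sort > "$_old"
    fw_settings "$2" | sort > "$_new"
    diff "$_old" "$_new" | sed -n -e 's/^< /-/p' -e 's/^> /+/p'
    rm -f "$_old" "$_new"
}

# Constructed sample file; $1 is the value given to FW_SERVICES_EXT_TCP.
sample() {
    printf '%s\n' '## Type: string' \
        '#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"' \
        'FW_CUSTOMRULES=""' 'FW_DEV_EXT="eth0"' "FW_SERVICES_EXT_TCP=\"$1\""
}

# Demo: snapshot before and after a (constructed) change, then compare.
tmp=$(mktemp -d)
sample "" > "$tmp/before"
sample "22" > "$tmp/after"
fw_settings "$tmp/after" nonempty
fw_changed "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

On a real system, copy /etc/sysconfig/SuSEfirewall2 aside before making the change and pass the copy and the live file to fw_changed.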