Where is the iptables config file?

huxflux · 06-18-2006, 12:53 AM

In Fedora or MDK that file is in /etc/sysconfig/iptables . but where is it in suse?

thx

jschiwal · 06-18-2006, 01:44 AM

You will probably want to read:

/usr/share/doc/packages/SuSEfirewall2/README and /etc/sysconfig/SuSEfirewall2

before studying /sbin/SuSEfirewall2

huxflux · 06-18-2006, 09:17 AM

yeah.. thanks for nothing.

UK MAdMaN · 06-18-2006, 11:06 AM

Well, you're gonna get a lot of help with that attitude.

jschiwal · 06-20-2006, 05:24 AM

A statefull firewall is setup dynamically using the scripts I mentioned, and not from a static table.

From the FAQ file in /usr/share/doc/packages/SuSEfirewall2/:

Quote:

13. Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore?

SuSEfirewall2 is implemented in bourne shell which is not exactly the fastest
thing on earth especially if it has that much work to do as SuSEfirewall2.
Administrators still prefer bourne shell scripts because of readability *cough*
. To be able to use iptables-restore SuSEfirewall2 would need a lot more logic
than what is be possible with bourne shell as it would need to sort and reorder
the rules for example. Furthermore interfaces are not static. They can
arbitrarily appear and disapper with different names so a generic solution
can't just dump the rules with iptables-store and re-apply them with
iptables-restore.

The file you are looking for simply doesn't exist.

Also consider this quote from "Iptables Tutorial 1.2.0" by Oskar Andreason:

Quote:

...can iptables-restore handle any kind of scripting? So far, no, it cannot and it will most probably never be able to. This is the main flaw in using iptables-restore since you will not be able to do a huge set of things with these files. ...

This is from the /sbin/SuSEfirewall2 script itself:

Code:

###########################################################################
#                                                                         #
# The configuration file for this firewall script is                      #
# /etc/sysconfig/SuSEfirewall2                                            #
#                                                                         #
# Please make only modifications to this script if you know what you      #
# are doing! A small explanation of the setup can be found in             #
# /usr/share/doc/packages/SuSEfirewall2/README                            #
#                                                                         #
# For new-user help concerning configuring this firewall, take a look at  #
# the configuration file /etc/sysconfig/SuSEfirewall2 - it tells          #
# you all                                                                 #
# (if not: sorry, but configuring a packet filter/screening router is NOT #
# trivial - you must know what you are doing and what it actually does!)  #
#                                                                         #
###########################################################################