Good day!
It has been a long time since I needed to ask a question on the forums, but I just ran across a caution and some examples for the custom firewall which state you must use $IPTABLES in the rules you add in the custom firewall. I have never been an early adopter and am using ClearOS 6.9.0 (Final), yet I am of the belief that using $IPTABLES is only necessary in Version 7. All of my added rules use iptables (again I am using version 6 of ClearOS), and my rules work just fine. An example is below:
iptables -t filter -I FORWARD -s 34.210.91.112/28 -d 192.168.1.165 -p udp --dport 5060 -j ACCEPT
BUT if things have changed and best practices dictate using $IPTABLES even in version 6.9, I would do so. Even though "if it is not broken don't fix it".
The 6.9.0 Custom Firewall help shows using iptables but when you click for more examples it shows examples using $IPTABLES.
A bit of confusion.
Thanks!
John
Responses (2)
Accepted Answer
6.x uses the older version of iptables so it should not matter. IPTABLES is set to something like "/sbin/iptables". In 7.x it is more important because it is set to "/sbin/iptables -w" (the path may be different) and the -w is important. It may also switch to "/usr/sbin/ip6tables -w" on the fly when doing ipv6 rules, but ClearOS is not really ipv6 ready. The advantage of using $IPTABLES in 6.x is if you upgrade to 7.x using a config backup from 6.x and a restore into 7.x. Then your rules will come across correctly.
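For anyone preparing 6.x rules for the backup and restore into 7.x described above, here is an added example (not part of the original thread and not ClearOS code) of a filter that rewrites hard-coded iptables calls to $IPTABLES. The function names are hypothetical, and apart from John's rule the sample rules are constructed.

```shell
#!/bin/sh
# Added example: convert custom firewall rule lines from a hard-coded
# iptables binary to the $IPTABLES variable. Reads rules on stdin, writes the
# converted rules to stdout; the rules file itself is never modified.

# to_iptables_var (hypothetical name): rewrite "iptables ..." or
# "/path/iptables ..." at the start of a line to "$IPTABLES ...".
# Comment lines, ip6tables lines and lines already using $IPTABLES pass
# through unchanged.
to_iptables_var() {
    sed -E \
        -e '/^[[:space:]]*#/b' \
        -e 's@^([[:space:]]*)(/[^[:space:]]*/)?iptables([[:space:]])@\1$IPTABLES\3@'
}

# hardcoded_count (hypothetical name): print how many rule lines on stdin
# still call iptables directly. grep -c exits 1 on zero matches, so mask it.
hardcoded_count() {
    grep -cE '^[[:space:]]*(/[^[:space:]]*/)?iptables[[:space:]]' || true
}

# Sample input: the first rule is the one from the question, the rest are
# constructed for illustration.
SAMPLE_RULES=$(cat <<'EOF'
# constructed sample rules
iptables -t filter -I FORWARD -s 34.210.91.112/28 -d 192.168.1.165 -p udp --dport 5060 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -I INPUT -p tcp --dport 443 -j ACCEPT
EOF
)

# Show the converted rules, then confirm nothing hard-coded is left.
printf '%s\n' "$SAMPLE_RULES" | to_iptables_var
printf 'hard-coded lines remaining: %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULES" | to_iptables_var | hardcoded_count)"
```

Review the converted output before pasting it back into the custom firewall, since a rule that already passes its own -w would end up with the flag twice on 7.x.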