I want to open port 143 for IMAP and have done it this way:

1. iptables-save > firewall
2. Edit 'firewall' script to open 143
3. iptables-restore < firewall
4. service iptables save
5. Verify that new rule exists in /etc/sysconfig/iptables
6. service iptables restart
7. Rule is still in place (great!)

But when I restart the machine, my rule is gone and the /etc/sysconfig/iptables file has reverted to the original. The rule is definitely being saved to that file before restart. Restarting just the iptables service doesn't have the same problem - only on reboot.

Any clues??? Thanks!

maybe the iptables service doesn't start at the boot time.

after save your rules make sure the iptables service start on run level by this command.

/sbin/chkconfig iptables on

i hope it does work now.

after you get it the way you want it try:

chmod 444 /etc/sysconfig/iptables

so it is read only then nothing can change it. if you want to change it though you will need to:

chmod 777 /etc/sysconfig/iptables

then 444 again when you are done editing.

It's definitely starting at boot LinuxForEver.

Nice idea FriedFishes but even with permissions at 400, the file's still being overwritten on boot :(

hmmm. sorry that was my only idea... :rolleyes:

I'm no expert on iptables but it seems to me you're restoring the old iptables in your steps above. I would try the following:

iptables-save > iptables.old
modify the iptables to suit.
iptables-save > iptables.new
service iptables save
service iptables restart
reboot

That should get you want you want. It certainly works for me and gives me a backup of the old and new configurations.

You can always backup the iptables script and then edit that directly if you think you might be overwritting your changes:

# cp /etc/sysconfig/iptables /root/iptables.20070829
# vi /etc/sysconfig/iptables
# service iptables restart

Jim, thanks, but since I'm exporting the 'firewall' script then editing it before importing it again, I'm restoring the amended script - not the original.

Pewterdragn, that doesn't work either - tried it.

Before rebooting I'm double checking that the /etc/sysconfig/iptables file does reflect my changes - i.e. it's how I want it. The new rules are definitely, without question, being written to the /etc/sysconfig/iptables file. But when I reboot, it reverts to how it looked before the changes. If I merely restart the iptables service, the changes remain saved. It's only a problem on a full system reboot.

I can't find anyone with the same problem on Google after hours of trawling... Very odd.

Ah, sorry, I presumed you had just run the commands. Have you tried just using the command line to input the iptables commands by hand and then using 'service iptables save'?

I seem to dimly recall that there is some kind of problem with iptables not saving scripts. Can't recall where I saw it though.

It seems like something else must be overwriting the file on either system shutdown or startup then. Have you checked all the startup/shutdown scripts? There is no process that I've seen in FC1-7 that would overwrite this file. I've written hundreds of iptables files like this and have never had one "reverted".

Does the file's date/time stamp change after the reboot? Does this change if you boot into single user mode? It might he helpful to figure out when it changes to link to what is changing it.

try saving the rules again before reboot (wild guess)

Did you get it working?

I tried it after removing the ACCEPT rule for icmp messages and port 631 for printer sharing and it worked fine.

Glad you worked it out!