Redhat 7.1, with kernel 2.4.x already includes predefined netfilter and iptables. However, for backward compatibility with previous distributions, the default running ipchains. We now briefly explain-how to uninstall ipchains and iptables instead run.
Version of iptables on Red Hat 7.1 is out of date, and probably a good solution would be to install a newer version.
First you need to disable ipchains to avoid loading the appropriate modules in the future. To achieve this, we need to change the names of some files in a directory tree/etc/rc.d/. The following command will perform the action required:
chkconfig–level 0123456 ipchains off
As a result of this command, some names contain links that point to the files in the directory/etc/rc.d/init.d/ipchains, the S character (who reports that this script works on system startup) is replaced with K (from the word Kill, which indicates that the script is working, when the system is shut down. So we will prevent unnecessary service launch in the future.
But the ipchains remain in work. Now we have to execute a command that will stop this service:
service stop ipchains
And finally, you must start the service iptables. To do this, first, it is necessary to determine the levels of the operating system on which you want to start this service. Typically this level 2, 3 and 5. On these levels, we know:
2. Multiplayer mode does not support NFS or the same as 3, but without network support.
3. Full-featured multiplayer mode.
5. X 11. This level is used to automatically download Xwindows.
To run the iptables at these levels you need to execute the command:
chkconfig–level 235 iptables on
I want to mention about the levels at which you do not want to run iptables: level 1-a-single-user mode is usually used in cases of emergency, when we “raise” “fallen” System. 4-level-should never be used. Run level 6 is a level stop system when you shut down or restart your computer.
To activate the service iptables will serve with the command:
Service iptables start
So, we launched the iptables, but we do not yet have any rules. To add a new rule in Red Hat 7.1, you can go two ways, first: adjust file/etc/rc.d/init.d/iptables, but this method has one negative property-when updating iptables RPM packages all your rules will be lost, and secondly: make the rules and save them with iptables-save, saved so the rules will be automatically restored when the system boots.
If you chose the first option to install iptables rules, you must add them to the start script/etc/rc.d/init.d/iptables (to set the rules at boot) or in the function start(). To perform an action when you stop the system, make the appropriate changes to the stop) or the function stop (). Just don’t forget about the restart and condrestart. I want to remind once again that, in the case of update iptables RPM packages or through automatic updates across a network, you may lose any changes you made to the file/etc/rc.d/init.d/iptables.
The second way to load rules preferred. It involves the following steps. Start-write rules to a file, or directly through the command iptables, whichever you prefer. Then execute the command iptables-save. This command is equivalent to iptables-save >/etc/sysconfig/iptables. As a result, the entire set of rules will be saved in the file/etc/sysconfig/iptables, which is automatically loaded when you start the service iptables. Another way to save the rule set will feed command service iptables save, which is identical to the above command. Subsequently, when you restart the computer, the script of the RC.d iptables will perform the command iptables-restore, loading a rule set from a file/etc/sysconfig/iptables.
And finally, at the end of the installation, it would be nice to remove older versions of ipchains and iptables. You must do this to ensure that the system is not “messed up” the old package iptables with a newly installed. Delete the old package iptables to only if you were installing from source. The fact of the matter is that the RPM packages are installed in a slightly different place than packages compiled from source, and therefore the new package is not “erases” the old. To uninstall a previous version of iptables, run the following command:
Similarly, remove and ipchains, because to leave the package in the system no longer makes any sense.