nrjordan
asked on
How can I "copy" IPTables rules from an old RH 7.2 Firewall to a new Fedora Firewall
I've basically just joined a new company as head of IT - needless to say, I've been left with some rather screwed up software [and hardware] due to an incompetent predecessor. One of our major problems is a 7 year old desktop running a 4 year old version of Linux as a firewall. Now the original installation I'm told, was pretty tight - as such, I want to transcribe the old IPTables rules onto the new machine.
Is there a way of doing this - seeing as I'm not particularly au fait [yet] with Linux 7.2 or Fedora? If not, how can I see what the original rules were?
Is there a way of doing this - seeing as I'm not particularly au fait [yet] with Linux 7.2 or Fedora? If not, how can I see what the original rules were?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
As root, do
# /sbin/iptables-save (on RH7.2)
and copy the /etc/sysconfig/iptables from RH7.2 to Fedora /etc/sysconfig/iptables.
Then restart the iptables on Fedora
# service iptables restart
Regards,
Wesly
As root, do
# /sbin/iptables-save (on RH7.2)
and copy the /etc/sysconfig/iptables from RH7.2 to Fedora /etc/sysconfig/iptables.
Then restart the iptables on Fedora
# service iptables restart
Regards,
Wesly
No, it really is as simple as Wesley makes it out to be. You may want to take some time to review it to ensure that it is doing what you expect. The only problem with Red Hat's method of doing it is that there will be no comments embedded within so you'll have to evaluate what your predecessor was doing.
And thank you, Wesly, for helping out.
And thank you, Wesly, for helping out.
AFAIK the most reliable method would be to copy the /etc/sysconfig/iptables
then compare results of following command on old and new installation:
(iptables -L -n -v&&iptables -L -n -v -t nat&&iptables -L -n -v -t mangle)|grep -v packets|cut -b 13-|sort
# probably you need to adjust 13 in the cut command above
then compare results of following command on old and new installation:
(iptables -L -n -v&&iptables -L -n -v -t nat&&iptables -L -n -v -t mangle)|grep -v packets|cut -b 13-|sort
# probably you need to adjust 13 in the cut command above
ASKER
Thanks guys - you've been a great help
ASKER