After creating an iptables configuration with FireHOL I want to save it to have it autoload whenever the machine boots. FireHOL saves it in /var/lib/iptables/autosave. /etc/init.d/iptables tries to load the rules from /var/lib/iptables/rules-save (as configured in /etc/conf.d/iptables) but of course does not find it.

Reproducible: Always

Steps to Reproduce:
1. Create iptables config with FireHOL
2. Save config with FireHOL
3. "rc-update add iptables boot"
4. Reboot

Actual Results: Error message from /etc/init.d/iptables about no config found

Expected Results: Load my config

Three ideas for a solution:
1. Patch FireHOL to create softlink in /var/lib/iptables from autosave to rules-save when saving config
2. Enhance /etc/init.d/iptables to look in multiple places for the config file and then add autosave at installation of FireHOL
3. Patch FireHOL to write to rules-save instead of autosave
OK, after looking around a little more I found a fourth method to solve the problem which is to patch FireHOL and set FIREHOL_AUTOSAVE to /var/lib/iptables/rules-save.
What about modifying /etc/conf.d/iptables to: IPTABLES_SAVE="/var/lib/iptables/autosave"
I don't know, that might break other things that are depending on the name rules-save.
A workaround is to set up your firewall with firehol, and then do:

    /etc/init.d/iptables save

This saves whatever is the current iptables setup, which is then restored on boot (if you've added iptables to boot)
FireHOL 1.159 takes care of Gentoo by sourcing /etc/conf.d/iptables. So, this bug can be closed as soon as 1.159 is in Portage.
closing with bug #31052
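
The mismatch discussed in this report means the machine boots without its rule set loaded. As an added example (not code from the report, FireHOL or Gentoo), the check below compares the file the init script is configured to load with the file FireHOL wrote. The function name check_rules_path and its status words are hypothetical; the paths in the usage comment are the ones quoted in the report.

```shell
#!/bin/sh
# Added example: verify that the init script will load the rules FireHOL saved.
# Usage (paths as quoted in the report):
#   check_rules_path /etc/conf.d/iptables /var/lib/iptables/autosave
#
# Prints one status word and returns:
#   0 ok        both sides refer to the same non-empty file
#   1 mismatch  init script will load a different file than FireHOL wrote
#   2 missing   the file the init script will load is absent or empty
#   3 unset     conf file unreadable or IPTABLES_SAVE not set in it
check_rules_path() {
    conf=$1
    firehol_save=$2

    [ -r "$conf" ] || { echo unset; return 3; }

    # Source the conf file in a subshell, as the init script does, so that
    # nothing it defines leaks into this shell. Clear any inherited value
    # first so only the conf file's own setting is reported.
    init_save=$(unset IPTABLES_SAVE; . "$conf" >/dev/null 2>&1
                printf '%s' "$IPTABLES_SAVE")
    [ -n "$init_save" ] || { echo unset; return 3; }

    # Different names are acceptable only if they resolve to the same file,
    # e.g. through the symlink proposed as idea 1 in the report.
    if [ "$init_save" != "$firehol_save" ] &&
       ! [ "$init_save" -ef "$firehol_save" ]; then
        echo mismatch
        return 1
    fi

    # An empty or absent rules file means nothing is restored at boot.
    [ -s "$init_save" ] || { echo missing; return 2; }

    echo ok
    return 0
}
```

Run it after saving the FireHOL configuration and before rebooting; any result other than ok means the init script will not restore the saved rules.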