
I will try to reword this as best as I can. I created a virtual machine to serve as a loadtest server with RHEL. If a user requested access to this server to run a loadtest, his workstation IP would be added to iptables so that he would have access from his Windows workstation via ssh. It was decided that instead of editing the iptables file and then restarting services with service iptables restart, a script would be written to add a user's workstation each time a user wanted to run a loadtest on this server. In addition, a separate script would be written to remove a user's workstation IP from iptables without restarting services. I suppose my main question is: how do you add a rule in iptables and have it take effect without running service iptables restart? Same question for removing a rule in iptables. Are there a few commands I can run for this, or does a script need to be written?

This is what I have so far to add a user's workstation: iptables -I INPUT 1 -p tcp -s xxx.xxx.xx.xxx --dport 22 -m comment --comment "Test for pvaldez" -j ACCEPT


closed as unclear what you're asking by Gilles, jasonwryan, Ramesh, Mat, slm May 24 '14 at 11:26


Can the question be reformed for clarity please? –  Christopher May 23 '14 at 16:39
Agreed, it's hard to tell what you're asking. –  Bratchley May 23 '14 at 17:58
At least give an example of what you're trying to do. What iptables rules are you trying to change? –  Gilles May 23 '14 at 23:47
Are you looking for service iptables reload? –  Christopher May 29 '14 at 23:47
Christopher, yes, something to the effect of an iptables reload, but I need a simple script that will pass the IP address of a workstation as a parameter. Something like ./scriptname ipaddress. Then I need the same when it's time to remove that IP address, again without having to restart iptables. Let me know if you need more specific information. I appreciate any and all feedback. –  user68384 May 30 '14 at 13:21

1 Answer

You never need to restart the service; you just reload the configuration like the following, unless you lack root access to the iptables service.

/etc/init.d/iptables reload

You may also need to save them, depending on how they are being added: either in memory or by editing the file directly.

If adding to memory by using the command then you will need to run the command:

#service iptables save

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-iptables.html#s1-iptables-saving

PS. I always edit the file directly instead of using the commands in memory:

edit /etc/sysconfig/iptables

Hi Rose, and thank you for your feedback. I did understand your logic behind an iptables reload. Can you give me some direction in creating a bash script? A simple script that will pass the IP address of a workstation as a parameter. Something like ./scriptname ipaddress. Any feedback is appreciated. –  user68384 May 30 '14 at 14:39
@user68384 iptables is pretty easy once you get to know it. It is easiest to edit iptables with vi: 'vi /etc/sysconfig/iptables'. Just add a line like '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' to allow a port. Change the port number as needed. –  Rose Ab May 31 '14 at 7:57
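The script the asker describes, combining the question's insert rule with the answer's save step, as an added example that is not part of the original thread. The script name manage-loadtest-access.sh, the loadtest-<user> comment format and the IPTABLES/SAVE_CMD override variables are my assumptions; the rule itself is the one from the question (TCP port 22 from one source address, inserted at position 1 of INPUT). Adding and removing go through the live tables with -I and -D, so no restart or reload is needed; iptables -C is used first so the same rule is never inserted twice and a removal of a rule that is not there fails clearly instead of silently. The IP argument is validated before it reaches the iptables command line, and the same match string is used for check, insert and delete so the exact rule that was added is the one found again.

```shell
#!/bin/sh
# manage-loadtest-access.sh -- hypothetical helper, not from the original thread.
# Usage: manage-loadtest-access.sh add|remove <workstation-ip> [user]
# Inserts or deletes the SSH allow rule from the question in the live tables
# (no service restart) and then persists it with "service iptables save".

IPTABLES="${IPTABLES:-iptables}"                 # override to point at a stub when testing
SAVE_CMD="${SAVE_CMD:-service iptables save}"    # RHEL/CentOS 6 persistence command (assumed)

# Accept only a dotted-quad IPv4 address; anything else is rejected before it
# can reach the iptables command line.
validate_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Restrict the user name to characters that are safe inside an iptables comment.
validate_user() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Match portion shared by -C, -I and -D, so the exact rule that was added is
# the one checked for and removed later. The comment records the user the
# access was granted for, like the "Test for pvaldez" comment in the question.
rule_match() {
    printf '%s' "-p tcp -s $1 --dport 22 -m comment --comment loadtest-$2 -j ACCEPT"
}

# iptables -C exits 0 only if an identical rule is already present in the chain.
have_rule() {
    "$IPTABLES" -C INPUT $(rule_match "$1" "$2") 2>/dev/null
}

add_access() {
    validate_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    validate_user "$2" || { echo "invalid user name: $2" >&2; return 2; }
    if have_rule "$1" "$2"; then
        echo "rule for $1 ($2) already present, nothing to do" >&2
        return 0
    fi
    # Position 1 so the rule is evaluated before any later REJECT/DROP rule.
    "$IPTABLES" -I INPUT 1 $(rule_match "$1" "$2") || return 1
    $SAVE_CMD
}

remove_access() {
    validate_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    validate_user "$2" || { echo "invalid user name: $2" >&2; return 2; }
    if ! have_rule "$1" "$2"; then
        echo "no rule for $1 ($2) found" >&2
        return 1
    fi
    "$IPTABLES" -D INPUT $(rule_match "$1" "$2") || return 1
    $SAVE_CMD
}

main() {
    case "$1" in
        add)    add_access "$2" "${3:-$(id -un)}" ;;
        remove) remove_access "$2" "${3:-$(id -un)}" ;;
        *)      echo "usage: $0 add|remove <workstation-ip> [user]" >&2; return 2 ;;
    esac
}

# Dispatch only when executed as the script itself, so the functions can also
# be sourced from another script.
case "$0" in
    *manage-loadtest-access*) main "$@" ;;
esac
```

Run as root: ./manage-loadtest-access.sh add 192.168.1.10 pvaldez grants access immediately, and ./manage-loadtest-access.sh remove 192.168.1.10 pvaldez takes it away again; the save step keeps /etc/sysconfig/iptables in step with the live tables so a later reload or reboot does not reintroduce an address that was removed.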
