<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Candara;
panose-1:2 14 5 2 3 3 3 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi Richard,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>For once I can answer a question rather than ask one!<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The iptables rules are regenerated by cron. You can change the rules in the script /etc/cron.hourly/log_traffic around line 50<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><i><span style='font-size:10.0pt;font-family:"Candara","sans-serif"'>Kind Regards,<o:p></o:p></span></i></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Candara","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Candara","sans-serif"'>Jason Humphrey<o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Candara","sans-serif"'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Candara","sans-serif";color:green'>Please consider your environmental responsibility.</span></b><span style='font-size:7.5pt;font-family:"Candara","sans-serif";color:green'><br>Before printing this e-mail message, ask yourself whether you really need a hard copy.<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-family:"Candara","sans-serif";color:#666666'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Candara","sans-serif";color:#666666'>DISCLAIMER</span></b><span style='font-size:7.5pt;font-family:"Candara","sans-serif";color:#666666'><br><b>Confidentiality:</b> This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this e-mail and highlight the error.</span><span style='font-family:"Candara","sans-serif"'><o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> blueonyx-bounces@mail.blueonyx.it [mailto:blueonyx-bounces@mail.blueonyx.it] <b>On Behalf Of </b>Richard Morgan :: Morgan Web<br><b>Sent:</b> 25 November 2014 09:59<br><b>To:</b> 'BlueOnyx General Mailing List'<br><b>Subject:</b> [BlueOnyx:16550] Adding an ACCEPT rule for a static IP in the firewall<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi, we use the APF and BFD package and the BX keeps blocking a Windows box. I can remove the offending DROP rules, no problem and I thought I could add a rule with this:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-family:Consolas'>iptables -I INPUT -s nnn.nnn.nnn.nnn/27 -j ACCEPT<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'>service iptables save<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'>This is listed in the rules when I run iptables --list --line-numbers –n (grep IP, of course).<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'>However within about 24 hours the rules are gone and the box is blocking the Windows server again. So, please could someone explain how I can save the iptables config so it they are permenant? <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:Consolas'>Many thanks, Richard<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>