For more information about IPv6 and netfilter, refer to Section 6, “ip6tables andIPv6”.5.1. iptables Control Scripts Configuration FileThe behavior of the iptables initscripts is controlled by the/etc/sysconfig/iptables-config configuration file. The following is a list of directivescontained within this file:• IPTABLES_MODULES — Specifies a space-separated list of additional iptables modules toload when a firewall is activated. These can include connection tracking and NAT helpers.• IPTABLES_MODULES_UNLOAD — Unloads modules on restart and stop. This directive acceptsthe following values:• yes — The default value. This option must be set to achieve a correct state for a firewallrestart or stop.• no — This option should only be set if there are problems unloading the netfilter modules.• IPTABLES_SAVE_ON_STOP — Saves current firewall rules to /etc/sysconfig/iptables whenthe firewall is stopped. This directive accepts the following values:• yes — Saves existing rules to /etc/sysconfig/iptables when the firewall is stopped,moving the previous version to the /etc/sysconfig/iptables.save file.• no — The default value. Does not save existing rules when the firewall is stopped.• IPTABLES_SAVE_ON_RESTART — Saves current firewall rules when the firewall is restarted.This directive accepts the following values:• yes — Saves existing rules to /etc/sysconfig/iptables when the firewall is restarted,moving the previous version to the /etc/sysconfig/iptables.save file.• no — The default value. Does not save existing rules when the firewall is restarted.• IPTABLES_SAVE_COUNTER — Saves and restores all packet and byte counters in all chainsand rules. This directive accepts the following values:• yes — Saves the counter values.• no — The default value. Does not save the counter values.• IPTABLES_STATUS_NUMERIC — Outputs IP addresses in a status output instead of domain orhostnames. This directive accepts the following values:• yes — The default value. Returns only IP addresses within a status output.Chapter 18. iptables340
