Networking Forums

IPTables or Firewall startup at BOOTUP ?

Peter (Guest)
10-28-2003, 12:41 AM
I made it through this excellent tutorial on how to set up
IP Masquerading:

http://www.ibiblio.org/pub/Linux/doc...squerade-HOWTO

If I set up rc.firewall-2.4-stronger to start at BOOTUP, does this
mean I can disable the iptables service that starts when the system
boots up?

For whatever reason I can't get to the webserver when iptables
runs at BOOTUP as a service along with firewall-2.4-stronger.

I made the required change to rc.firewall-2.4-stronger:

echo -e " - Allowing EXTERNAL access to the WWW server"
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
    -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT


Thanks,
Peter
(Red Hat 9.0)


This is the /etc/rc.d/init.d/iptables that came with the default
installation.

#!/bin/sh
#
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with iptables.
#
# by (E-Mail Removed), based on the ipchains script:
# Script Author: Joshua Jensen <(E-Mail Removed)>
# -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <(E-Mail Removed)>:
# modified by Nils Philippsen <(E-Mail Removed)>
#
# config: /etc/sysconfig/iptables

# Source 'em up (the success/failure helpers come from here)
. /etc/init.d/functions

IPTABLES_CONFIG=/etc/sysconfig/iptables

# Nothing to do without the iptables binary
if [ ! -x /sbin/iptables ]; then
    exit 0
fi

# iptables needs a netfilter kernel (2.3 or later)
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`

if [ "$KERNELMAJ" -lt 2 ] ; then
    exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
    exit 0
fi

if /sbin/lsmod 2>/dev/null | grep -q ipchains ; then
    # Don't do both
    exit 0
fi

# Run an iptables command against table $1 only if that table is loaded
iftable() {
    if fgrep -qsx $1 /proc/net/ip_tables_names; then
        iptables -t "$@"
    fi
}

start() {
    # don't do squat if we don't have the config file
    if [ -f $IPTABLES_CONFIG ]; then
        # If we don't clear these first, we might be adding to
        # pre-existing rules.
        chains=`cat /proc/net/ip_tables_names 2>/dev/null`
        echo -n $"Flushing all current rules and user defined chains:"
        let ret=0
        for i in $chains; do iptables -t $i -F; let ret+=$?; done
        iptables -F
        let ret+=$?
        if [ $ret -eq 0 ]; then
            success
        else
            failure
        fi
        echo
        echo -n $"Clearing all current rules and user defined chains:"
        let ret=0
        for i in $chains; do iptables -t $i -X; let ret+=$?; done
        iptables -X
        let ret+=$?
        if [ $ret -eq 0 ]; then
            success
        else
            failure
        fi
        echo

        # Zero the packet/byte counters in every table
        for i in $chains; do iptables -t $i -Z; done

        echo -n $"Applying iptables firewall rules: "
        grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' \
            | /sbin/iptables-restore -c && \
            success || \
            failure
        echo
        touch /var/lock/subsys/iptables
    fi
}

stop() {
    chains=`cat /proc/net/ip_tables_names 2>/dev/null`
    echo -n $"Flushing all chains:"
    let ret=0
    for i in $chains; do iptables -t $i -F; let ret+=$?; done
    iptables -F; let ret+=$?
    if [ $ret -eq 0 ]; then
        success
    else
        failure
    fi
    echo

    echo -n $"Removing user defined chains:"
    let ret=0
    for i in $chains; do iptables -t $i -X; let ret+=$?; done
    iptables -X; let ret+=$?
    if [ $ret -eq 0 ]; then
        success
    else
        failure
    fi
    echo
    echo -n $"Resetting built-in chains to the default ACCEPT policy:"
    iftable filter -P INPUT ACCEPT && \
        iftable filter -P OUTPUT ACCEPT && \
        iftable filter -P FORWARD ACCEPT && \
        iftable nat -P PREROUTING ACCEPT && \
        iftable nat -P POSTROUTING ACCEPT && \
        iftable nat -P OUTPUT ACCEPT && \
        iftable mangle -P PREROUTING ACCEPT && \
        iftable mangle -P POSTROUTING ACCEPT && \
        iftable mangle -P INPUT ACCEPT && \
        iftable mangle -P OUTPUT ACCEPT && \
        iftable mangle -P FORWARD ACCEPT && \
        success || \
        failure
    echo
    rm -f /var/lock/subsys/iptables
}

case "$1" in
    start)
        start
        ;;

    stop)
        stop
        ;;

    restart)
        # "restart" is really just "start" as this isn't a daemon,
        # and "start" clears any pre-defined rules anyway.
        # This is really only here to make those who expect it happy
        start
        ;;

    condrestart)
        [ -e /var/lock/subsys/iptables ] && start
        ;;

    status)
        tables=`cat /proc/net/ip_tables_names 2>/dev/null`
        for table in $tables; do
            echo $"Table: $table"
            iptables -t $table --list
        done
        ;;

    panic)
        echo -n $"Changing target policies to DROP: "
        iftable filter -P INPUT DROP && \
            iftable filter -P FORWARD DROP && \
            iftable filter -P OUTPUT DROP && \
            iftable nat -P PREROUTING DROP && \
            iftable nat -P POSTROUTING DROP && \
            iftable nat -P OUTPUT DROP && \
            iftable mangle -P PREROUTING DROP && \
            iftable mangle -P OUTPUT DROP && \
            iftable mangle -P POSTROUTING DROP && \
            iftable mangle -P INPUT DROP && \
            iftable mangle -P FORWARD DROP && \
            success || failure
        echo
        echo -n "Flushing all chains:"
        iftable filter -F INPUT && \
            iftable filter -F FORWARD && \
            iftable filter -F OUTPUT && \
            iftable nat -F PREROUTING && \
            iftable nat -F POSTROUTING && \
            iftable nat -F OUTPUT && \
            iftable mangle -F PREROUTING && \
            iftable mangle -F OUTPUT && \
            success || failure
        echo
        echo -n "Removing user defined chains:"
        # (was "iftable iftable filter -X", which silently skipped the filter table)
        iftable filter -X && \
            iftable nat -X && \
            iftable mangle -X && \
            success || failure
        echo
        ;;

    save)
        echo -n $"Saving current rules to $IPTABLES_CONFIG: "
        touch $IPTABLES_CONFIG
        chmod 600 $IPTABLES_CONFIG
        /sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
            success $"Saving current rules to $IPTABLES_CONFIG" || \
            failure $"Saving current rules to $IPTABLES_CONFIG"
        echo
        ;;

    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save} "
        exit 1
esac

exit 0
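An added diagnostic for the symptom in the post (this is not code from the thread, the HOWTO, or Red Hat): the init script above flushes every chain in start() and restores whatever is in /etc/sysconfig/iptables, so the port-80 rule that rc.firewall-2.4-stronger added disappears unless it was saved there too. The check below reads an `iptables-save` style dump and reports whether tcp/80 is accepted on the external interface; both dumps, the interface name eth0 and the address 203.0.113.10 are constructed samples.

```bash
#!/bin/bash
# Constructed sample: ruleset after rc.firewall-2.4-stronger ran last
# (INPUT policy DROP, web server reachable on eth0).
SAMPLE_FIREWALL='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 203.0.113.10/32 -i eth0 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j ACCEPT
COMMIT'

# Constructed sample: what is left after "service iptables start" flushed
# the chains and restored a stale /etc/sysconfig/iptables with no web rule.
SAMPLE_STALE='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# input_policy DUMP : print the filter table's INPUT chain policy
input_policy() {
    printf '%s\n' "$1" | awk '$1 == ":INPUT" { print $2; exit }'
}

# web_allowed DUMP IFACE : succeed if INPUT accepts tcp/80 arriving on IFACE
# (iptables-save orders options as -s/-d, -i, -p, then matches, then -j)
web_allowed() {
    printf '%s\n' "$1" | grep -Eq -- "^-A INPUT .*-i $2 .*-p tcp .*--dport 80 .*-j ACCEPT"
}

# check_web DUMP IFACE : verdict a practitioner can act on; 0 = reachable
check_web() {
    local policy
    policy=$(input_policy "$1")
    if web_allowed "$1" "$2"; then
        echo "ok: tcp/80 on $2 accepted (INPUT policy $policy)"
        return 0
    fi
    echo "blocked: no tcp/80 ACCEPT on $2 and INPUT policy is $policy"
    return 1
}

# Demo on the two constructed dumps (the second one reports "blocked")
check_web "$SAMPLE_FIREWALL" eth0 || true
check_web "$SAMPLE_STALE" eth0 || true
```

On a live box, feed it real output with `check_web "$(iptables-save)" eth0` after each of the two boot-time scripts has run, and whichever ran last is the one whose rules survive.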