Novell Doc: Novell ZENworks Network Access Control Users Guide

16.20 iptables Wrapper Script

To avoid creating conflicts between iptables and the nac-es service, do not run the following commands manually:

/etc/init.d/iptables
service iptables start
service iptables stop
service iptables restart

The nac-es service must be shutdown before making changes to the iptables firewall. This script ensures that errors are not introduced by making changes when nac-es is running.

Use the following commands to control iptables from the command line:

To stop iptables:

fw_control stop

To start iptables:

fw_control start

To restart iptables:

fw_control restart

To save iptables config:

fw_control save

To get iptables status (iptables -L):

fw_control status

NOTE:Note that this last command can be used even if the nac-es service is running since it makes no changes to the iptables rules.