I've always been one to just manually edit /etc/sysconfig/iptables with vim when I needed to add/remove a rule (and then restart iptables). I'm not sure if this is best practice, just the way I was taught. Just recently, I installed fail2ban (CentOS 6). When running "cat /etc/sysconfig/iptables" I see no mention of the new chain.
However, when running "iptables -L -v -n" I do see the new line "Chain fail2ban-SSH (1 references)". If not visible when manually editing /etc/sysconfig/iptables, where is the fail2ban chain stored?
Am I incorrect in manually editing the iptables file? What is causing there to be a difference between the two ways of listing my ruleset? I should also mention this behavior is consistent across reboots. My questions use fail2ban as the example, but I'm more curious about this from a general iptables/chains perspective. Fail2ban just brought it to light ;)
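The difference the post asks about comes from the fact that the active ruleset lives in the kernel (what "iptables -L" and "iptables-save" print), while /etc/sysconfig/iptables is only the snapshot that "service iptables save" last wrote; a tool like fail2ban calls the iptables binary directly at start-up, so its chain exists in the kernel without ever appearing in the file. The following script is an added example, not code from the post or from fail2ban: it parses two rulesets in iptables-save format and reports the drift between them, which is the check an administrator would run to see what is live but unsaved. Both sample rulesets are constructed here to mimic a hand-edited file and a live dump; the chain name fail2ban-SSH comes from the post, the rule bodies are assumptions.

```python
"""Report drift between the persisted iptables file and the live kernel ruleset.

Both inputs are expected in iptables-save format: '*table', ':CHAIN POLICY [n:n]'
declarations, '-A CHAIN ...' rules and 'COMMIT'.  Counters are ignored because
they differ between a saved file and a live dump without any config change.
"""
import subprocess
from collections import defaultdict

# Constructed sample: a hand-edited /etc/sysconfig/iptables (no fail2ban chain).
SAVED_FILE = """\
# Generated by iptables-save v1.4.7 on Mon Jan  1 00:00:00 2000
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Jan  1 00:00:00 2000
"""

# Constructed sample: `iptables-save` output after fail2ban inserted its chain
# at runtime.  The rule bodies are assumptions, only the chain name is from the post.
LIVE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-SSH -j RETURN
COMMIT
"""


def parse_ruleset(text):
    """Parse iptables-save text into {table: {"chains": {name: policy}, "rules": [...]}}."""
    tables = defaultdict(lambda: {"chains": {}, "rules": []})
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and save/restore comments
        if line.startswith("*"):
            table = line[1:]              # '*filter' opens a table section
        elif line.startswith(":") and table:
            name, policy = line[1:].split()[:2]   # ':NAME POLICY [pkts:bytes]'
            tables[table]["chains"][name] = policy
        elif line == "COMMIT":
            table = None                  # end of the current table section
        elif line.startswith("-A ") and table:
            tables[table]["rules"].append(line)
    return dict(tables)


def diff_rulesets(saved_text, live_text):
    """Return, per table, the chains and rules present on one side only.

    Rule order is deliberately not compared: the aim is to spot chains and rules
    that exist in the kernel but were never saved (or vice versa), not to verify
    ordering, which needs a full restore/diff of the file anyway.
    """
    saved, live = parse_ruleset(saved_text), parse_ruleset(live_text)
    report = {}
    for table in sorted(set(saved) | set(live)):
        s = saved.get(table, {"chains": {}, "rules": []})
        l = live.get(table, {"chains": {}, "rules": []})
        report[table] = {
            "chains_only_in_live": sorted(set(l["chains"]) - set(s["chains"])),
            "chains_only_in_saved": sorted(set(s["chains"]) - set(l["chains"])),
            "rules_only_in_live": sorted(set(l["rules"]) - set(s["rules"])),
            "rules_only_in_saved": sorted(set(s["rules"]) - set(l["rules"])),
        }
    return report


def capture_live():
    """Dump the kernel ruleset with iptables-save (needs root; not used by the samples)."""
    return subprocess.check_output(["iptables-save"], text=True)


if __name__ == "__main__":
    # Use the constructed samples; on a real host pass open(path).read() and capture_live().
    for table, drift in diff_rulesets(SAVED_FILE, LIVE_RULESET).items():
        for kind, items in drift.items():
            for item in items:
                print(f"{table}: {kind}: {item}")
```

Run against the samples, the report lists the fail2ban-SSH chain and its two rules as "only in live", which is exactly the mismatch between "iptables -L" and the file described in the post; the same result after a reboot means whatever service started (here fail2ban) re-created the chain rather than it being persisted.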