At present I use the script generated by iptables-save to be loaded at boot up. These are the [partial] contents of

    # Generated by iptables-save v1.4.4 on Sat Mar 19 15:35:11 2011
    *nat
    :PREROUTING ACCEPT [218073:19652132]
    :POSTROUTING ACCEPT [75792:5067692]
    :OUTPUT ACCEPT [68177:4555584]
    -A POSTROUTING -o eth2 -j MASQUERADE
    COMMIT
    # Completed on Sat Mar 19 15:35:11 2011
And I have this line in /etc/network/interfaces under the interface that should be firewalled:

    pre-up iptables-restore < /etc/iptables.rules
This system has become tedious for me, as I have to change the rules frequently, and whenever I change the rules I need to generate another iptables.rules file and reboot the system to see whether the rules get applied or not. Can it be done like conf files, which are loaded whenever "service firewall restart" is done? And within the main iptables conf file, could another iptables rules file be linked, which can be made editable by users who have fewer privileges? I want the iptables rules to be written directly in a text file which gets loaded at boot-up or when "service firewall restart" is done.
I presume you are on a Debian-based system, because RH/CentOS distros come with an init script included.

For Ubuntu, install iptables-persistent:

    apt-get install iptables-persistent

and that should be enough.
For Debian you can get the script from here: http://www.ubuntucy.org/wiki/index.php/A_persistent_iptables_startup_script_for_Debian_based_systems

To add it at boot, use update-rc.d. I presume you saved the script as /etc/init.d/iptables; run:

    update-rc.d iptables defaults

and you are done.
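As an added example (not code from the question, the answer, the linked wiki script or iptables-persistent): a small init-script-style firewall script that does what the question asks for. The paths /etc/firewall/rules.v4 and /etc/firewall/rules.d/ and the include mechanism are assumptions chosen for this example. It assembles the main iptables-save-format file plus any include files, parse-checks the result with iptables-restore --test so a broken edit never replaces the running rules, and only then applies it. The caveat a practitioner wants here: anything in an include file is still applied as root, so making rules.d group-writable delegates control of the firewall to that group; restricting includes to "-A" lines bounds what they can change (no policies, no new chains, filter table only) but does not make the directory safe against a hostile editor.

```shell
#!/bin/sh
# Added example of a small /etc/init.d/firewall-style script. It is not the
# script linked in the answer and not part of iptables-persistent; the paths
# below and the rules.d include mechanism are assumptions for this example.
#
# Assumed layout:
#   /etc/firewall/rules.v4        main ruleset in iptables-save format, root-owned
#   /etc/firewall/rules.d/*.rules extra "-A ..." lines from a group that may edit
#                                 them; still applied as root, so this delegates
#                                 firewall control, it does not sandbox it
RULES_DIR="${RULES_DIR:-/etc/firewall}"
MAIN_RULES="$RULES_DIR/rules.v4"
INCLUDE_DIR="$RULES_DIR/rules.d"
IPTABLES="${IPTABLES:-iptables}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"   # overridable for tests

# Assemble one ruleset on stdout: the main file, with the accepted include
# lines spliced in just before the filter table's COMMIT. Only "-A" lines are
# taken from the includes, so an include cannot change policies, create chains
# or touch the nat table; any other non-comment line aborts the build.
build_ruleset() {
    main="$1"; incdir="$2"
    [ -r "$main" ] || { echo "firewall: cannot read $main" >&2; return 1; }
    inc=$(mktemp) || return 1
    for f in "$incdir"/*.rules; do
        [ -e "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                ''|'#'*) ;;                              # blank or comment
                -A\ *)   printf '%s\n' "$line" >> "$inc" ;;
                *) echo "firewall: rejected line in $f: $line" >&2
                   rm -f "$inc"; return 1 ;;
            esac
        done < "$f"
    done
    table=""; spliced=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '*'*)   table="$line" ;;                     # "*nat", "*filter", ...
            COMMIT) if [ "$table" = "*filter" ]; then cat "$inc"; spliced=1; fi ;;
        esac
        printf '%s\n' "$line"
    done < "$main"
    if [ "$spliced" -eq 0 ] && [ -s "$inc" ]; then
        echo "firewall: no *filter table in $main, includes not applied" >&2
        rm -f "$inc"; return 1
    fi
    rm -f "$inc"
}

# Parse-check the assembled ruleset without touching the kernel
# (iptables-restore --test builds it but does not commit), then apply it.
# A bad edit in an include therefore leaves the running rules untouched.
firewall_start() {
    tmp=$(mktemp) || return 1
    if ! build_ruleset "$MAIN_RULES" "$INCLUDE_DIR" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if ! "$IPTABLES_RESTORE" --test < "$tmp"; then
        echo "firewall: ruleset rejected, keeping current rules" >&2
        rm -f "$tmp"; return 1
    fi
    "$IPTABLES_RESTORE" < "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Open the firewall: flush and delete chains, accept-all policies.
firewall_stop() {
    for t in filter nat; do
        "$IPTABLES" -t "$t" -F && "$IPTABLES" -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do "$IPTABLES" -P "$c" ACCEPT; done
}

# iptables-restore replaces every table named in the file, so restart and
# reload are simply start again; check does a dry build without applying.
firewall_main() {
    case "$1" in
        start|restart|reload) firewall_start ;;
        stop)  firewall_stop ;;
        check) build_ruleset "$MAIN_RULES" "$INCLUDE_DIR" > /dev/null && echo "ruleset ok" ;;
        *) echo "usage: $0 {start|stop|restart|reload|check}" >&2; return 2 ;;
    esac
}

# Dispatch only when an action is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then firewall_main "$@"; fi
```

Install it as /etc/firewall/... plus /etc/init.d/firewall (mode 755, and on newer Debian releases with the usual LSB header block that update-rc.d expects), register it with "update-rc.d firewall defaults" exactly as the answer does for its script, and after editing a rules file run "service firewall check" for a dry build or "service firewall restart" to apply. Because the whole ruleset is validated before it is committed, a syntax error in a group-editable include fails the restart loudly instead of leaving the box half-configured.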