Aug 11, 2011
tom

Loading manually created iptables script on boot-up

Question

At present I use the script generated by iptables-save to be loaded at boot up. This are the [partial] contents of /etc/iptables.rules:

# Generated by iptables-save v1.4.4 on Sat Mar 19 15:35:11 2011
*nat
:PREROUTING ACCEPT [218073:19652132]
:POSTROUTING ACCEPT [75792:5067692]
:OUTPUT ACCEPT [68177:4555584]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Sat Mar 19 15:35:11 2011

And I have this line in the etc/network/interfaces under the interface that should be firewalled:

pre-up iptables-restore < /etc/iptables.rules

This system has become tedious for me as I have to change the rules frequently, and whenever I change the rules I need to generate another iptables.rules file and do a system boot up to see if the the rules get applied or not. Can it be done as like conf files which load at whenever service firewall restart is done. And within the main iptables conf file another iptables rules file can be linked which can be made editable by users who have less privileges. I want iptables rules to be written directly in a text file which gets loaded at boot-up or when service firewall restart is done.

Answer

I presume you are on a DEBIAN based system, because RH/Centos distros are coming with init script included.

For Ubuntu install iptables-persistent

apt-get install iptables-persistent 

and should be enough.

For Debian you can get the script from where: http://www.ubuntucy.org/wiki/index.php/A_persistent_iptables_startup_script_for_Debian_based_systems

To add it at boot use update-rc.d. I presume you saved the script on /etc/init.d/iptables, run:

update-rc.d iptables defaults

and you are done.

Regards

Related posts:

  1. On RHEL 5.6 I have an init.d script which is stuck in an infinite loop. How to boot without loading it?
  2. apply back firewall after iptables flush
  3. Manual Firewall Configuration on Redhat IPTables
  4. Problem with sendmail combined with iptables
  5. Iptables Hangs when listing rules

Leave a comment