Hi, I want to use iptables. I am using Arch Linux. How can I make it load and make config at boot, please?
I suggest a book to do that, or maybe a short/quick tutorial available on the web. Search Google for it. The book would be Linux Firewalls (Third Edition), ISBN: 0672327716. You would have to put those rules in a bash script and then run the script at boot time (probably by calling it from rc.local). Try searching the Arch Linux forums on the Arch Linux site.
The system starts a number of different configuration tools (with configuration data) at boot. The firewall uses something like /etc/init.d/firewall. Sometimes, if you have quite an advanced script, it's not called 'firewall' and the script name is used instead.
To make a script run at boot:
1. Find your runlevel. That's simple. Just run 'runlevel'. You'll get a number. That's your runlevel.
2. Copy your script to /etc/rcX.d where X is your runlevel. The scripts have names like S10firewall. S means to start it, 10 is a number that shows the order in which the scripts are run. Files like S10firewall are usually symlinks (symbolic links) to files in /etc/init.d. Copy your script to /etc/rcX.d directly or to /etc/init.d and make a symlink.
iptables is a kernel module that is probably linked to your kernel, and is also a userland program that communicates with the aforementioned kernel module. By itself, the kernel module does nothing. To configure it to do its work, you send it messages, using the userland iptables command. This is done repetitively, until the desired state is reached. Typically, the series of iptables commands is encapsulated in a script, and typically this script is run as some part of the boot sequence. The mechanics of setting up the boot-time scripts is a separate matter, and is well documented 'out there'.
As well, there are packages out there that provide a GUI for hand-holding and guidance in building up the script(s). These are sometimes referred to (incorrectly) as firewalls. I, personally, prefer to use a ready-made script called HomeLANSecurity, which a generous person made publicly available. This is a package which allows a Linux host to perform as a router/firewall for a local LAN connected to the internet. I found it easy to understand, and also easy to add a few features for my specific application. There are numerous other packages that are similar in nature. Note that there is no 'best overall' iptables setup, because each situation has different requirements and emphases.
Setting up an iptables based firewall requires a combination of skills in iptables itself, shell scripting, and boot-time configuration. Much of the latter is dependent on your distribution, and other special requirements.
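The "series of iptables commands encapsulated in a script" that the reply above describes could look like this for a single host. This is an added example, not part of the thread and not the HomeLANSecurity script; the helper names `ipt` and `firewall_rules`, the `DRY_RUN` switch and the SSH port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: minimal stateful IPv4 host firewall as a sequence of iptables
# commands. SSH_PORT is an assumed value; ip6tables needs its own rules.
SSH_PORT="${SSH_PORT:-22}"

# ipt (hypothetical helper): print the command when DRY_RUN=1 (the default),
# otherwise run it and stop the script at the first failure, so the
# default-deny policy is never applied over an incomplete accept list.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@" || { echo "failed: iptables $*" >&2; exit 1; }
    fi
}

firewall_rules() {
    # Open the policy before flushing, so re-running the script over an
    # existing default-deny rule set does not cut off a remote session.
    ipt -P INPUT ACCEPT
    ipt -F
    ipt -X
    # Accept rules first: loopback, replies to our own traffic, SSH, ping.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Default-deny last: everything not accepted above is dropped.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

# Nothing happens unless asked: "show" prints the commands, "apply" runs them.
case "${1:-}" in
    apply) DRY_RUN=0; firewall_rules ;;
    show)  DRY_RUN=1; firewall_rules ;;
esac
```

Run it with `show` to review the commands and with `apply` as root to load them; how the script is hooked into the boot sequence depends on the distribution, as the replies say.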