Hii, I want to use iptables , I am using ARCH linux, How can I make it load and make config at boot please?

I suggest a book to do that or may be a short/quick tutorial available on the web. Search google for it. The book would be Linux Firewalls (Third Edition) ISBN: 0672327716. You would have to put those rules in a bash script and then run the script at boot time (probably by calling it from rc.local). Try to search arch linux forums on arch linux site.

Tux,

The system starts a number of different configuration tools (with configuration data) at boot. Firewall uses something like /etc/init.d/firewall. Sometimes, if you have quite an advanced script, it's not called 'firewall' and the script name is used instead.

To make a script run at boot:
1. Find your runlevel. That's simple. Just run 'runlevel'. You'll get a number. That's your runlevel.
2. Copy your script to /etc/rcX.d where X is your runlevel. The scripts have names like S10firewall. S means to start it, 10 is a number that shows the order the script are run. Files like S10firewall are usually symlinks (symbolic links) to files in /etc/init.d. Copy your script to /etc/rcX.d directly or to /etc/init.d and make a symlink.

iptables is a kernel module that is probably linked to your kernel, and is also a userland program that communicates with the aforementioned kernel module. By itself, the kernel module does nothing. To configure it to do it's work, you send it messages, using the userland iptables command. This is done repetitively, until the desired state is reached. Typically, the series of iptables commands is encapsulated in a script, and typically this script is run as some part of the boot sequence. The mechanics of setting up the boot-time scripts is a separate matter, and is well documented 'out there'.

As well, there are packages out there that provide a gui for hand-holding and guidance in building up the script(s). These are sometimes referred to (incorrectly) as firewalls. I, personally, prefer to use a ready-made script called HomeLANSecurity, which a generous person made publicly avalailable. This is a package which allows a linux host to perform as a router/firewall for a local LAN connected to the interenet. I found it easy to understand, and also easy to add a few features for my specific application. There are numerous other packages that are similar in nature. Note that there is no 'best overall' iptables setup, because each situation has different requirements and emphases.

Setting up an iptables based firewall requires a combination of skills in iptables itself, shell scripting, and boot-time configuration. Much of the latter is dependent on your distribution, and other special requirements.

Hope this points you in the right direction.

--- rod.

Yep tanx guys!