trouble reloading iptables rules in Debian

dave247 · 01-25-2011, 10:42 AM

I am running Debian Bigmem and iptables v1.3.6

I am not updating or upgrading anything so please dont say things about that or using anything else. I am doing something specific.

My problem/confusion is this: I added a new rule to iptables

Code:

iptables -A INPUT -p tcp  --dport 25 -j ACCEPT

and now I want to reload iptables so the change will take effect. First: do I even need to reload it or are the changes dynamic?

I have tried iptables-reload, iptables-restart, iptables -reload, iptables -restart, uptables restart, /etc/init.d/iptables restart, etc... but nothing works to get it reloaded.

So how could I restart iptables? Do I even need to?

thanks

repo · 01-25-2011, 10:47 AM

Hi,

You need to safe the rule, if you want it to work after a reboot.
Take a look at
http://www.debian-administration.org/articles/445

Kind regards

dave247 · 01-25-2011, 11:09 AM

ah I always leave out some important info in my posts!!!!

I did save the iptables using iptables-save and it does save the changes. But then are the changes alive now, or do I actually need to reboot Linux?

repo · 01-25-2011, 11:11 AM

You can verify with

Quote:

iptables -L

Kind regards

Noway2 · 01-25-2011, 11:14 AM

Using iptables-save will save the current iptables configuration to a file. You can then use the iptables-restore command to restore the rule set. By default, on reboot the iptables queue is flushed. A common place to put the iptables-restore command is in your networking configuration so that it is called just after the interface is enabled. To use these commands in this fashion, code them as follows:

Code:

iptables-save > to_file
iptables-restore < from_file

Be sure you set appropriate permissions on the file such as root write only. I usually make the the to/from file something like /etc/iptables-rules.

dave247 · 01-25-2011, 11:17 AM

yes the changes get saved. iptables -L shows me the newly added ports.... so then its working? the changes take effect in the firewall immediatly? thats all I was wondering. I was under the assumption that I needed to issue some sort of iptables restart to get the changes to work... but it makes more sense that you wouldnt have to... -A is appending new rules, so it only makes sense.

as long as I dont need to restart iptables, then i have no issue here.

thanks

jlinkels · 01-25-2011, 11:29 AM

Any rule entered to iptables takes effect immediately.

The Debian way of setting up iptables is to create a bash script file containing all rules. Every time the script is run, iptables is cleaned and completely set up again. That is a huge advantage, because a script file is much easier to read and edit as compared to iptable -L output.

Have a look at the Debian ipmasq package to understand this philosophy. You have to google it, it is not installed by default.

jlinkels