Where is iptables config file
Hi folks,
Ubuntu 7.04 server amd64

Where is iptables config file?

satimis@ubuntu:~$ sudo find / -name iptables.conf
satimis@ubuntu:~$ sudo find / -name iptables-rules

both w/o printout

satimis@ubuntu:~$ which iptables
/sbin/iptables

TIA
satimis
There's no default. You can set your iptables config anywhere you want. Add a "pre-up" line to your /etc/network/interfaces file, calling the iptables-restore command. Say you choose /etc/example.txt - in your /etc/network/interfaces file you'd have a line like:
Code:
pre-up iptables-restore < /etc/example.txt
Code:
iptables-save > /etc/example.txt
Best chance is in /etc or one of its subdirectories. Run one of the following commands (while in /etc) to find it
Code:
sudo grep -R iptables *
As far as I remember, there is a good chance that it's a script and not a simple config file.
Quote:
satimis@ubuntu:/etc$ sudo grep -R iptables *
Password:
Code:
bash_completion:# Linux iptables(8) completion
B.R.
satimis
Guys, for there to be a "default config location" you'd first need something like a startup/shutdown iptables script in /etc/init.d from which said config file would be referenced. Then, wherever that script expects to find the iptables config could be considered "the default config location". But because Ubuntu doesn't have a startup/shutdown script for iptables, there is no default iptables config location.
Ubuntu provides you with the three iptables binaries (iptables, iptables-save, and iptables-restore) to work with. They don't have a default location where they look for files (don't confuse the binaries with the scripts they get called from). The save/restore binaries need you to specify where you want to save to or restore from. On other distros this typically isn't as obvious because it's done in the startup/shutdown script, so you basically just know you need to do a "service iptables restart" (or whatever) and whatever location is set in the script (the "default") is used.

If you want to keep things familiar to yourself just set the config file to be the same as it is in your most familiar distro. You could use the method I posted above, or create your own iptables startup/shutdown script in /etc/init.d and make the necessary links using update-rc.d. For the script, you could use one from another distro - you'll only need to do minor modifications.

Whatever you choose, make sure the iptables rules get executed before the NIC(s) are loaded. This is for security reasons, as if not then you are creating a window of opportunity while your firewall is activated. It's a common newbie mistake, just look at how many people have iptables scripts in their rc.local file.
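A check for the ordering point in the last post, as an added example that is not part of the thread: it lists interface stanzas that come up without their own pre-up iptables-restore line, and detects rules being loaded from an rc.local-style file instead. The function names check_preup and rclocal_loads_rules are hypothetical, the sample interfaces file is constructed, and a hook placed only on the lo stanza is deliberately not credited to other interfaces.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_preup FILE: print each non-loopback iface stanza in an ifupdown
# interfaces file that has no "pre-up ... iptables-restore" line of its own.
check_preup() {
    awk '
        function report() {
            if (iface != "" && iface != "lo" && !hooked) print iface
        }
        /^[ \t]*#/ { next }                      # skip comments
        $1 == "iface" { report(); iface = $2; hooked = 0; next }
        # any other stanza keyword closes the current iface stanza
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 == "source" {
            report(); iface = ""; next
        }
        $1 == "pre-up" && /iptables-restore/ { hooked = 1 }
        END { report() }
    ' "$1"
}

# rclocal_loads_rules FILE: succeed if an uncommented line mentions iptables,
# i.e. rules are loaded late in boot, after the interfaces are already up.
rclocal_loads_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'iptables'
}

# Constructed sample input (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/example.txt

auto eth1
iface eth1 inet static
    address 192.0.2.10
    netmask 255.255.255.0
EOF
echo "stanzas with no pre-up iptables-restore hook:"
check_preup "$sample"        # prints: eth1
rm -f "$sample"
```

On a real system the two functions would be pointed at /etc/network/interfaces and /etc/rc.local.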