LinuxQuestions.org


satimis 09-11-2007 08:25 PM

Where is iptables config file
 
Hi folks,


Ubuntu 7.04 server amd64

Where is iptables config file?

satimis@ubuntu:~$ sudo find / -name iptables.conf
satimis@ubuntu:~$ sudo find / -name iptables-rules
both w/o printout

satimis@ubuntu:~$ which iptables
/sbin/iptables


TIA


satimis

win32sux 09-11-2007 09:14 PM

There's no default. You can set your iptables config anywhere you want. Add a "pre-up" line to your /etc/network/interfaces file, calling the iptables-restore command. Say you choose /etc/example.txt - in your /etc/network/interfaces file you'd have a line like:
Code:

pre-up iptables-restore < /etc/example.txt
This loads the iptables config before the network interfaces are put online. BTW, make sure you never edit your config file manually. Populate it with an iptables-save command, like:
Code:

iptables-save > /etc/example.txt

Wim Sturkenboom 09-12-2007 10:41 AM

Best chance is in /etc or one of its subdirectories. Run one of the following commands (while in /etc) to find it
Code:

sudo grep -R iptables *
grep -R iptables * 2>/dev/null

The latter suppresses error messages like 'Permission denied' if you run grep as a normal user.

As far as I remember, there is a good chance that it's a script and not a simple config file.

satimis 09-12-2007 10:49 AM

Quote:

Originally Posted by Wim Sturkenboom (Post 2889738)
Best chance is in /etc or one of its subdirectories. Run one of the following commands (while in /etc) to find it
Code:

sudo grep -R iptables *
grep -R iptables * 2>/dev/null

The latter suppresses error messages like 'Permission denied' if you run grep as a normal user.

As far as I remember, there is a good chance that it's a script and not a simple config file.

satimis@ubuntu:~$ cd /etc
satimis@ubuntu:/etc$ sudo grep -R iptables *
Password:
Code:

bash_completion:# Linux iptables(8) completion
bash_completion:have iptables &&
bash_completion:_iptables()
bash_completion:                COMPREPLY=( $( compgen -W '`iptables $table -nL | \
bash_completion:                    `iptables $table -nL | sed -ne "$chain" \
bash_completion:                    MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
bash_completion:                    MARK TOS `iptables $table -nL | sed -ne "$chain" \
bash_completion:complete -F _iptables iptables

Tks


B.R.
satimis

win32sux 09-12-2007 10:25 PM

Guys, for there to be a "default config location" you'd first need something like a startup/shutdown iptables script in /etc/init.d from which said config file would be referenced. Then, wherever that script expects to find the iptables config could be considered "the default config location". But because Ubuntu doesn't have a startup/shutdown script for iptables, there is no default iptables config location.

Ubuntu provides you with the three iptables binaries (iptables, iptables-save, and iptables-restore) to work with. They don't have a default location where they look for files (don't confuse the binaries with the scripts they get called from). The save/restore binaries need you to specify where you want to save to or restore from. On other distros this typically isn't as obvious because it's done in the startup/shutdown script, so you basically just know you need to do a "service iptables restart" (or whatever) and whatever location is set in the script (the "default") is used.

If you want to keep things familiar to yourself just set the config file to be the same as it is in your most familiar distro. You could use the method I posted above, or create your own iptables startup/shutdown script in /etc/init.d and make the necessary links using update-rc.d. For the script, you could use one from another distro - you'll only need to do minor modifications.

Whatever you choose, make sure the iptables rules get executed before the NIC(s) are loaded. This is for security reasons, as if not then you are creating a window of opportunity while your firewall is activated. It's a common newbie mistake, just look at how many people have iptables scripts in their rc.local file.
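The following is an added example, not code posted by anyone in this thread, that puts win32sux's two posts together: a saved ruleset is written with iptables-save to a file of your choosing and loaded by a "pre-up" line so the rules are active before the interface comes up. The path /etc/iptables.rules and the interface name eth0 are assumptions (placeholders); the check_rules_file function is a small sanity check on the iptables-save format (each "*table" block closed by COMMIT, explicit policies on the filter chains) so that a truncated or hand-edited file is noticed before it is trusted at boot.

```shell
#!/bin/sh
# Added example: manage an iptables ruleset the way the thread describes
# (iptables-save to a file, iptables-restore from a pre-up line).
# RULES_FILE is an assumed location; override it in the environment.

RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Save the live ruleset atomically: write to a temp file in the same
# directory and rename it, so a partially written file is never restored.
save_rules() {
    tmp="$(mktemp "${RULES_FILE}.XXXXXX")" || return 1
    if iptables-save > "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Sanity-check a file in iptables-save format before relying on it at boot.
# Returns 0 when: it is readable, every "*table" header has a matching
# COMMIT, a filter table is present, and INPUT/FORWARD/OUTPUT carry an
# explicit ACCEPT or DROP policy. Returns 1 otherwise.
check_rules_file() {
    f="$1"
    [ -r "$f" ] || return 1
    # grep -c exits 1 on zero matches; "|| true" keeps the count usable under set -e
    opened=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$opened" -gt 0 ] && [ "$opened" -eq "$commits" ] || return 1
    grep -q '^\*filter$' "$f" || return 1
    for chain in INPUT FORWARD OUTPUT; do
        grep -Eq "^:$chain (ACCEPT|DROP) " "$f" || return 1
    done
    return 0
}

# Print the /etc/network/interfaces stanza that loads the rules before the
# NIC is brought up (eth0 and dhcp are assumed; adapt to your interface).
interfaces_stanza() {
    cat <<EOF
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < $RULES_FILE
EOF
}

# Restore the saved rules only if the file passes the sanity check.
restore_rules() {
    check_rules_file "$RULES_FILE" || return 1
    iptables-restore < "$RULES_FILE"
}
```

Source the file and call save_rules after changing the live rules, then run check_rules_file on the result; interfaces_stanza shows the lines to add to /etc/network/interfaces so the restore happens before the interface is up, which is the ordering the thread insists on.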
