LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
Search this Thread
Old 09-11-2007, 08:25 PM   #1
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,385

Rep: Reputation: 52
Where is iptables config file


Hi folks,


Ubuntu 7.04 server amd64

Where is iptables config file?

satimis@ubuntu:~$ sudo find / -name iptables.conf
satimis@ubuntu:~$ sudo find / -name iptables-rules
both w/o printout

satimis@ubuntu:~$ which iptables
/sbin/iptables


TIA


satimis
 
Old 09-11-2007, 09:14 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
There's no default. You can set your iptables config anywhere you want. Add a "pre-up" line to your /etc/network/interfaces file, calling the iptables-restore command. Say you choose /etc/example.txt - in your /etc/network/interfaces file you'd have a line like:
Code:
pre-up iptables-restore < /etc/example.txt
This loads the iptables config before the network interfaces are put online. BTW, make sure you never edit your config file manually. Populate it with a iptables-save command, like:
Code:
iptables-save > /etc/example.txt

Last edited by win32sux; 10-14-2007 at 04:06 PM.
 
Old 09-12-2007, 10:41 AM   #3
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
Best chance is in /etc or one of its subdirectories. Run one of following commands (while in /etc) to find it
Code:
sudo grep -R iptables *
grep -R iptables * 2>/dev/null
The latter suppresses error message like 'Permission denied' if you run grep as a normal user.

As far as I remember, there is a good chance that it's a script and not a simple config file.
 
Old 09-12-2007, 10:49 AM   #4
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,385

Original Poster
Rep: Reputation: 52
Quote:
Originally Posted by Wim Sturkenboom View Post
Best chance is in /etc or one of its subdirectories. Run one of following commands (while in /etc) to find it
Code:
sudo grep -R iptables *
grep -R iptables * 2>/dev/null
The latter suppresses error message like 'Permission denied' if you run grep as a normal user.

As far as I remember, there is a good chance that it's a script and not a simple config file.
satimis@ubuntu:~$ cd /etc
satimis@ubuntu:/etc$ sudo grep -R iptables *
Password:
Code:
bash_completion:# Linux iptables(8) completion
bash_completion:have iptables &&
bash_completion:_iptables()
bash_completion:		COMPREPLY=( $( compgen -W '`iptables $table -nL | \
bash_completion:		    `iptables $table -nL | sed -ne "$chain" \
bash_completion:		    MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
bash_completion:		    MARK TOS `iptables $table -nL | sed -ne "$chain" \
bash_completion:complete -F _iptables iptables
Tks


B.R.
satimis
 
Old 09-12-2007, 10:25 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Guys, for there to be a "default config location" you'd first need something like a startup/shutdown iptables script in /etc/init.d from which said config file would be referenced. Then, wherever that script expects to find the iptables config could be considered "the default config location". But because Ubuntu doesn't have a startup/shutdown script for iptables, there is no default iptables config location.

Ubuntu provides you with the three iptables binaries (iptables, iptables-save, and iptables-restore) to work with. They don't have a default location where they look for files (don't confuse the binaries with the scripts they get called from). The save/restore binaries need you to specify where you want to save to or restore from. On other distros this typically isn't as obvious because it's done in the startup/shutdown script, so you basically just know you need to do a "service iptables restart" (or whatever) and whatever location is set in the script (the "default") is used.

If you want to keep things familiar to yourself just set the config file to be the same as it is in your most familiar distro. You could use the method I posted above, or create your own iptables startup/shutdown script in /etc/init.d and make the necessary links using update-rc.d. For the script, you could use one from another distro - you'll only need to do minor modifications.

Whatever you choose, make sure the iptables rules get executed before the NIC(s) are loaded. This is for security reasons, as if not then you are creating a window of opportunity while your firewall is activated. It's a common newbie mistake, just look at how may people have iptables scripts in their rc.local file.

Last edited by win32sux; 09-13-2007 at 01:29 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Where is the iptables config file? huxflux Suse/Novell 4 06-20-2006 05:24 AM
Location iptables config file freakin'me Linux - Software 10 08-14-2005 08:01 AM
Where is the iptables default config file stored under SuSe 9.1 skunkburner Suse/Novell 4 02-03-2005 10:10 AM
where is the iptables dufault rules config file? ayiiq180 Linux - Software 2 12-18-2004 02:42 AM
location of iptables config file munisp Linux - Networking 1 12-13-2001 06:37 PM


All times are GMT -5. The time now is 04:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration