LinuxQuestions.org


OtagoHarbour 05-26-2013 07:36 AM

Do you need to start iptables on Debian
 
I have just installed Debian 7.0.0 and have used

Code:

sudo iptables-restore <saved.iptables
to reload my old iptables.

My question is, do you actually have to start or enable iptables (as with "ufw enable") or is it always running? I tried

Code:

peter@app-server:~$ sudo iptables -h | grep start
peter@app-server:~$ sudo iptables -h | grep enable
peter@app-server:~$

and, as indicated, I got no results.

Thanks,
Peter.

unSpawn 05-26-2013 08:25 AM

Moved: This thread is more suitable in the Debian forum (asking how to start the firewall isn't a security issue) and has been moved accordingly to help your thread/question get the exposure it deserves.

Your options are to put a script or line running '/path/to/iptables-restore < /path/to/saved.iptables' in:
- /etc/rc.d/rc.local, or
- /etc/init.d/rcS (not recommended), or
- /etc/network/if-preup.d/ (or /etc/network/if-up.d/) or
- you could create a /etc/init.d/firewall script yourself (and use 'update-rc.d' to enable it), or
- use a front-end application that takes care of things if you like that kind of convenience / hassle.

OtagoHarbour 05-26-2013 11:51 AM

Quote:

Originally Posted by unSpawn (Post 4959178)
Moved: This thread is more suitable in the Debian forum (asking how to start the firewall isn't a security issue) and has been moved accordingly to help your thread/question get the exposure it deserves.

Your options are to put a script or line running '/path/to/iptables-restore < /path/to/saved.iptables' in:
- /etc/rc.d/rc.local, or
- /etc/init.d/rcS (not recommended), or
- /etc/network/if-preup.d/ (or /etc/network/if-up.d/) or
- you could create a /etc/init.d/firewall script yourself (and use 'update-rc.d' to enable it), or
- use a front-end application that takes care of things if you like that kind of convenience / hassle.

I could not find /etc/rc.d/rc.local but did find /etc/init.d/rc.local. Should I put '/path/to/iptables-restore < /path/to/saved.iptables' in the latter?

Also, is '/path/to/iptables-restore < /path/to/saved.iptables' sufficient to get my iptables running? Apparently RedHat uses

Code:

sudo iptables start
(which gave the following error message on my Debian system.

Code:

Bad argument `start'
)

Does Debian have an equivalent?

Thanks,
Peter.

unSpawn 05-26-2013 01:02 PM

Quote:

Originally Posted by OtagoHarbour (Post 4959298)
Should I put '/path/to/iptables-restore < /path/to/saved.iptables' in the latter?

Yes, you could.
*Probably superfluous but you should note "/path/to/" indicates you should supply the valid, full path to the files.


Quote:

Originally Posted by OtagoHarbour (Post 4959298)
Also, is '/path/to/iptables-restore < /path/to/saved.iptables' sufficient to get my iptables running?

That depends: see 'man iptables-restore' for arguments you might want to add. rc.local is basically a shell script too so you can also use conditions or string commands together.


Quote:

Originally Posted by OtagoHarbour (Post 4959298)
Apparently RedHat uses
Code:

sudo iptables start
(..) Does Debian have an equivalent?

Using an init script instead of rc.local allows you to enter more commands (it's just a shell script) and access to "start, stop, status" commands while rc.local will be run only once on boot. The only difference is that you need to create one yourself if the system doesn't provide one and even that isn't a problem as there are plenty of examples in the /etc/rc.d/init.d/ directory.


*Also see:
- http://www.debian.org/doc/manuals/de.../index.en.html
- http://debian-handbook.info/browse/wheezy/
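
Added example, not part of the thread: a hook script for the /etc/network/ pre-up option listed above (Debian's ifupdown spells the directory if-pre-up.d), which checks that the saved file is complete iptables-save output and passes `iptables-restore --test` before loading it. The rules path /etc/iptables.saved and the function names are assumptions.

```shell
#!/bin/sh
# Added example: install as /etc/network/if-pre-up.d/firewall (mode 0755).
# RULES is an assumed location for the file written by iptables-save.
RULES="${RULES:-/etc/iptables.saved}"

# check_ruleset FILE: 0 if FILE looks like complete iptables-save output
# (at least one "*table" section, each closed by COMMIT), 1 if not,
# 2 if the file is unreadable.
check_ruleset() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^\*/ { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT[ \t]*$/ { if (!in_table) bad = 1; in_table = 0; next }
        !in_table { bad = 1 }                       # rule outside a table
        END { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# chain_policy FILE CHAIN: print CHAIN's default policy in the filter table.
chain_policy() {
    awk -v c=":$2" '/^\*/ { t = $1 } t == "*filter" && $1 == c { print $2 }' "$1"
}

# load_firewall FILE: validate, then apply. --test only parses the file,
# so a broken ruleset is rejected before any table is committed.
load_firewall() {
    check_ruleset "$1" || { echo "firewall: $1 missing or incomplete" >&2; return 1; }
    echo "firewall: loading $1 (INPUT policy: $(chain_policy "$1" INPUT))" >&2
    iptables-restore --test < "$1" || return 1
    iptables-restore < "$1"
}

# ifupdown exports IFACE to its hook scripts; when the variable is absent
# (for example when this file is sourced for testing) nothing is loaded.
if [ -n "${IFACE:-}" ]; then
    load_firewall "$RULES" || exit 1
fi
```

iptables has no daemon to start: once iptables-restore returns, the rules are live in the kernel, and `sudo iptables -S` lists them.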

