Hello,

I'm trying to setup iptables on Debian Etch.
I added all the rule I need and now trying to find an easy way to start/stop iptables.

On Debian Etch 4.0, where is oldinitdscript.gz ?
I don't think it's there anymore. I checked /usr/share/doc/iptables/examples/ and examples/ doesn't exist.

So instead, I did iptables-save > iptables in /etc/network/if-up.d/ and chmod 700 and tried restarting it and I get:

/etc/network/if-up.d/iptables: line 2: *filter: command not found
/etc/network/if-up.d/iptables: line 3: :INPUT: command not found
/etc/network/if-up.d/iptables: line 4: :FORWARD: command not found
/etc/network/if-up.d/iptables: line 5: :OUTPUT: command not found
/etc/network/if-up.d/iptables: line 6: -A: command not found
/etc/network/if-up.d/iptables: line 7: -A: command not found

/etc/network/if-up.d/iptables: line 8: -A: command not found
/etc/network/if-up.d/iptables: line 9: COMMIT: command not found


Any suggestion?

Thanks.

Hi,

put all iptables rules to an file for example firewall.sh
copy firewall.sh in /etc/init.d/
do
update-rc.d firewall.sh defaults ( in /etc/init.d/ ).

Please see man update-rc.d I am not sure about above commmand.

Reboot ( it should works )

Regards

Sarajevo

... and take a look at



http://iptables-tutorial.frozentux.n...-tutorial.html

the best place for all questions related to iptables

Regards

Thanks for the info.
I did what you suggested and it seems to work however, when I run the firewall.sh, it generates these errors saying command not found.
So I added #!/bin/sh to the top of the firewall.sh but still same thing.
Anyway, it's no big deal as long as it's working...

/etc/init.d/iptables.sh: line 3: *filter: command not found
/etc/init.d/iptables.sh: line 4: :INPUT: command not found
/etc/init.d/iptables.sh: line 5: :FORWARD: command not found
/etc/init.d/iptables.sh: line 6: :OUTPUT: command not found
/etc/init.d/iptables.sh: line 7: -A: command not found
/etc/init.d/iptables.sh: line 8: -A: command not found
/etc/init.d/iptables.sh: line 9: -A: command not found
/etc/init.d/iptables.sh: line 10: -A: command not found
/etc/init.d/iptables.sh: line 11: -A: command not found
/etc/init.d/iptables.sh: line 12: -A: command not found
/etc/init.d/iptables.sh: line 13: -A: command not found
/etc/init.d/iptables.sh: line 14: -A: command not found
/etc/init.d/iptables.sh: line 15: -A: command not found
/etc/init.d/iptables.sh: line 16: -A: command not found
/etc/init.d/iptables.sh: line 17: -A: command not found
/etc/init.d/iptables.sh: line 18: -A: command not found
/etc/init.d/iptables.sh: line 19: -A: command not found
/etc/init.d/iptables.sh: line 20: -A: command not found
/etc/init.d/iptables.sh: line 21: COMMIT: command not found

Apparently the contents of the file is not correct. It was created as the output of "iptables -save". That is not a correct bash script. What you only can do with that file is to load it back into iptables with "iptables -load".

You should create a file containing bash commands which call iptables with the correct parameters. What you then actually do is clean out all iptables settings, and give iptables instructions to build a firewall from scratch. That is something different from loading a iptables configuration.

There are plenty of examples on the Internet about building such files.

Where you put the firewall.sh file now is correct.

jlinkels

Hi,

I have firewall scripts in the following path : /etc/scripts/firewall.sh

I need to restart the firewall.sh service ...how can i do it

Can u please tell me the command to restart the firewall.sh service

Thanks
Nixon.M

The firewall.sh is not a service. It is a collection of instructions to iptables what configuration to set.

If you run the file /etc/scripts/firewall.sh and the firewall.sh is a correct and valid script, iptables will be set up correctly.

The command to run is (as root)
/etc/scripts/firewall.sh

I hope you looked up the examples how to create such a script. If so, ther should be no problem.

jlinkels