LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 02-23-2005, 11:08 PM   #1
mushmaster
Member
 
Registered: Aug 2004
Location: USA - PA
Distribution: ubuntu
Posts: 63

Rep: Reputation: 15
iptables startup script


i use this command:

iptables -A INPUT -p tcp --syn -j DROP

to get iptables set up and running like i like it.

i want to make it do that when i boot up, automatically.

how?
 
Old 02-24-2005, 02:01 AM   #2
harken
Member
 
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666

Rep: Reputation: 30
Create a script containing the lines you wish, give it a easy to remember name, like firewall_script.sh, place it in /etc/init.d then run as root 'update-rc.d firewall_script.sh defaults'. That creates symlinks in etc/rc*.d to your script. Instead of default settings (start script in runlevels 2-5 and stop it in 0,1,6) you can choose others using the start and stop options.
 
Old 02-24-2005, 02:02 AM   #3
RHELL
Member
 
Registered: Feb 2004
Location: Outermost mingetty
Distribution: RHEL3,RH4U4,Sol9, Sol10
Posts: 321

Rep: Reputation: 31
http://www.die.net/doc/linux/man/man...es-save.8.html
 
Old 02-24-2005, 12:08 PM   #4
mushmaster
Member
 
Registered: Aug 2004
Location: USA - PA
Distribution: ubuntu
Posts: 63

Original Poster
Rep: Reputation: 15
wait a minute... iptables isn't some kind of program that needs to be running for a firewall to be up, it's just a command that configures packet filtering, right?

so it isn't something that needs to be "running" at all times, and there's no need to have it run at startup... or is there?
 
Old 02-24-2005, 12:19 PM   #5
harken
Member
 
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666

Rep: Reputation: 30
I'll quote from the man pages:
Quote:
iptables - administration tool for IPv4 packet filtering and NAT...
DESCRIPTION
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel...
TARGETS
A firewall rule specifies criteria for a packet, and a target.
Basically, with iptables you can create a firewall fitted to your demands.
Quote:
it's just a command that configures packet filtering, right?

so it isn't something that needs to be "running" at all times, and there's no need to have it run at startup... or is there?
To achieve packet filtering capabilities I think it's obvious that the program responsible with that needs to run continously. How else could it "see" and filter the packets?

And, after all, isn't this what you asked for in your first post?
Quote:
i want to make it do that when i boot up, automatically.

Last edited by harken; 02-24-2005 at 12:21 PM.
 
Old 02-24-2005, 12:30 PM   #6
voyciz
Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 425

Rep: Reputation: 40
I'm pretty new to this, harken, but I do believe you're wrong. I'm under the impression that iptables is used to modify rules in the kernel, and doesn't need to be running continuously. It's not a daemon.
 
Old 02-24-2005, 12:42 PM   #7
harken
Member
 
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666

Rep: Reputation: 30
Yes, you're right A. F., I expressed myself wrong. Indeed, take a look at the first quote: it says that Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. I wasn't meaning iptables itself when I said the program must be running permanently. I ment that the "modifications" in the rules must be permanent in order to filter the packets and the iptables entries must be added each time the kernel boots.

Sorry, my mistake. Hope I got it right this time.
 
Old 02-24-2005, 01:31 PM   #8
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,408

Rep: Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551
To be technically correct netfilter [edited] can be compiled into the kernel or loaded as modules. A typical start up script located in /etc/init.d would load the modules and rules.

I'm unfamilar with debian but there probably is a script called iptables-save which will save your current ruleset.

Last edited by michaelk; 02-24-2005 at 01:54 PM.
 
Old 02-24-2005, 01:46 PM   #9
voyciz
Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 425

Rep: Reputation: 40
michaelk, I thought it was netfilter that could be compiled into the kernel, not iptables...
 
Old 02-24-2005, 01:54 PM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,408

Rep: Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551Reputation: 3551
Your correct I messed up.
 
Old 02-24-2005, 02:03 PM   #11
harken
Member
 
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666

Rep: Reputation: 30
Well A.F., looks like you've got us both Nice job, two guys/day, keep it up!
 
Old 02-24-2005, 02:16 PM   #12
voyciz
Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 425

Rep: Reputation: 40
Haha, yeah, thanks. Just happened to remember those small details, still a newbie.
 
Old 02-25-2005, 12:32 PM   #13
RHELL
Member
 
Registered: Feb 2004
Location: Outermost mingetty
Distribution: RHEL3,RH4U4,Sol9, Sol10
Posts: 321

Rep: Reputation: 31
/sbin/iptables is the tool to alter rules
/etc/init.d/iptables is the wrapper that allows the daemon to be started/stopped/restarted. The actual filtering is done by netfilter, but the service is still called 'iptables'.

The rules can be edited from command line, and also saved, but the daemon must be running to control access to the host.

Not sure how the wrappers are controlled from debian, but it's 'service iptables start' from RH.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
problem loading iptables script on startup manicajk Linux - General 8 04-12-2009 11:37 AM
IPtables startup script - Fedora Nickj Linux - Security 2 07-29-2005 08:45 AM
iptables startup script vishamr2000 Linux - Security 3 04-29-2005 08:21 AM
startup script to set up iptables rules doesn't run alexfittyfives Debian 2 06-01-2004 07:21 PM
autostart iptables script on system startup step Linux - Networking 2 03-21-2003 07:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration