Create a script containing the lines you wish, give it an easy to remember name, like firewall_script.sh, place it in /etc/init.d then run as root 'update-rc.d firewall_script.sh defaults'. That creates symlinks in etc/rc*.d to your script. Instead of default settings (start script in runlevels 2-5 and stop it in 0,1,6) you can choose others using the start and stop options.
wait a minute... iptables isn't some kind of program that needs to be running for a firewall to be up, it's just a command that configures packet filtering, right?
so it isn't something that needs to be "running" at all times, and there's no need to have it run at startup... or is there?
iptables - administration tool for IPv4 packet filtering and NAT...
DESCRIPTION
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel...
TARGETS
A firewall rule specifies criteria for a packet, and a target.
Basically, with iptables you can create a firewall fitted to your demands.
Quote:
it's just a command that configures packet filtering, right?
so it isn't something that needs to be "running" at all times, and there's no need to have it run at startup... or is there?
To achieve packet filtering capabilities I think it's obvious that the program responsible for that needs to run continuously. How else could it "see" and filter the packets?
And, after all, isn't this what you asked for in your first post?
Quote:
i want to make it do that when i boot up, automatically.
I'm pretty new to this, harken, but I do believe you're wrong. I'm under the impression that iptables is used to modify rules in the kernel, and doesn't need to be running continuously. It's not a daemon.
Yes, you're right A. F., I expressed myself wrong. Indeed, take a look at the first quote: it says that Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. I wasn't meaning iptables itself when I said the program must be running permanently. I meant that the "modifications" in the rules must be permanent in order to filter the packets and the iptables entries must be added each time the kernel boots.
To be technically correct netfilter [edited] can be compiled into the kernel or loaded as modules. A typical start up script located in /etc/init.d would load the modules and rules.
I'm unfamiliar with Debian but there probably is a script called iptables-save which will save your current ruleset.
/sbin/iptables is the tool to alter rules
/etc/init.d/iptables is the wrapper that allows the daemon to be started/stopped/restarted. The actual filtering is done by netfilter, but the service is still called 'iptables'.
The rules can be edited from command line, and also saved, but the daemon must be running to control access to the host.
Not sure how the wrappers are controlled from Debian, but it's 'service iptables start' from RH.
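The boot-time reload discussed in this thread, written out as an added example (not code posted by anyone in the thread): an init script that loads a saved ruleset into the kernel once and exits, validating the file first so a broken ruleset is never applied. The rules path `/etc/iptables.rules`, the `fw_*` function names and the `IPT_SAVE`/`IPT_RESTORE` override variables are assumptions made for this example.

```shell
#!/bin/sh
# /etc/init.d/firewall_script.sh (added example; paths and names are assumptions)
RULES_FILE=${RULES_FILE:-/etc/iptables.rules}   # assumed location of the saved ruleset
IPT_SAVE=${IPT_SAVE:-/sbin/iptables-save}
IPT_RESTORE=${IPT_RESTORE:-/sbin/iptables-restore}

# Load the saved ruleset into the kernel; no process stays running afterwards.
fw_start() {
    if [ ! -r "$RULES_FILE" ]; then
        echo "firewall: $RULES_FILE missing or unreadable" >&2
        return 1
    fi
    # Parse-only pass: a broken file is rejected before any live rule is touched.
    if ! $IPT_RESTORE --test < "$RULES_FILE"; then
        echo "firewall: $RULES_FILE failed validation, rules left unchanged" >&2
        return 1
    fi
    $IPT_RESTORE < "$RULES_FILE"
}

# Dump the live ruleset so the next boot restores it; replace the file only on success.
fw_save() {
    tmp="$RULES_FILE.tmp.$$"
    umask 077                      # keep the ruleset readable by root only
    if $IPT_SAVE > "$tmp"; then
        mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

fw_main() {
    case "$1" in
        start|restart|reload) fw_start ;;
        save)   fw_save ;;
        status) $IPT_SAVE ;;
        stop)   : ;;   # deliberately keep filtering in place during shutdown
        *) echo "Usage: $0 {start|stop|restart|reload|save|status}" >&2; return 2 ;;
    esac
}

# Dispatch only when called with an action, e.g. by init: firewall_script.sh start
if [ $# -gt 0 ]; then
    fw_main "$@"
fi
```

After building the rules by hand with /sbin/iptables, run the script once with `save`, then register it with update-rc.d as described earlier in the thread.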