06-11-2014, 11:38 PM
|
#1
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
|
Iptables won't save for next boot
During attempts to make my machine a DHCP server I realized that my default iptables were very insecure & have been trying to set up some rules for my iptables.
Upon completion I use the command
but upon reboot they go back to the default.
My system is Debian Wheezy
Any help would be appreciated.
|
|
|
06-12-2014, 02:26 AM
|
#2
|
Member
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372
Rep:
|
|
|
|
06-12-2014, 03:17 AM
|
#3
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
I have looked at that page but thought that since iptables have long been implemented that I should've been able to save without adding the iptables-persistent package.
Also I was trying to do it manually.
I also know there are some GUI programs for firewall but I'd like to know how to configure manually.
If all else fails I will add iptables-persistent package, just for security purposes.
|
|
|
06-12-2014, 03:37 AM
|
#4
|
Member
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372
Rep:
|
Iptables afaik has never had the possibility to store its rules persistently. It has always been a process of exporting current rules in a file to be imported at bootup.
iptables-save has always been the means to do so, wrapped in a script to be executed to save the rules.
---------- Post added 12-06-14 at 09:37 ----------
The page describes where to export the rules to, to be loaded at bootup I assume (not a Debian user, sorry)
|
|
|
06-12-2014, 03:42 AM
|
#5
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
I'm new to iptables but you would think that if there is a default file that it would be edited directly, unless there are instances where you only want to allow something to pass thru only once.
Also the default upon reboot must be stored somewhere because it comes back even though you supposedly flushed it.
|
|
|
06-12-2014, 03:58 AM
|
#6
|
Member
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372
Rep:
|
With iptables being 'in-kernel' only, it needs to be initialized at each bootup. Therefore, iptables-save provides the current ruleset to be stored in a file which can be read at boot again. The format is not really for manual editing, but it can be done.
The /etc/iptables/rules is that specific location where iptables-save output gets stored.
|
|
|
06-12-2014, 05:05 AM
|
#7
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
Quote:
the /etc/iptables/rules is that specific location where iptables-save output gets stored.
|
Yes I was reading that part just recently & the file needs to be created as stated in debian wiki. https://wiki.debian.org/iptables
|
|
|
06-14-2014, 02:36 PM
|
#8
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
Well I ended up installing iptables-persistent & have now saved a basic set up iptables rules from this article.
http://wiki.centos.org/HowTos/Network/IPTables
And also saved using this one
http://www.thomas-krenn.com/en/wiki/...es_Permanently
This is the output of iptables -L -v
Quote:
Chain INPUT (policy DROP 79 packets, 16099 bytes)
pkts bytes target prot opt in out source destination
4 200 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 51 packets, 5514 bytes)
pkts bytes target prot opt in out source destination
|
Is there something that I should expand on?
|
|
|
06-17-2014, 06:30 AM
|
#9
|
Member
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372
Rep:
|
Not really sure what you're pointing at...
It seems you have quite a simplistic, but functional, firewall setting like that. If the 'iptables-persistent' package makes it restore the settings after a reboot (eg, just reboot, does 'iptables -Lv' show the same settings?), you're set. No need to 'expand' anything imo.
|
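The reboot check suggested in post #9, as an added example that is not part of the original thread: a shell script that compares a saved iptables-save dump with a dump of the running ruleset, ignoring the timestamps and packet counters that always differ. The sample dumps are constructed from the listing in post #8, and the rules.v4 path in the closing comment is the file iptables-persistent uses for IPv4, which the thread itself does not state.

```shell
#!/bin/sh
# Added example: check that the saved rules file and the running ruleset agree.

# Strip what legitimately differs between two dumps of the same ruleset:
# comment lines (they carry timestamps) and the [packets:bytes] counters.
normalise_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g' "$1"
}

# Exit status 0 if both dumps describe the same ruleset, 1 if they differ,
# 2 if either file could not be read.
rules_match() {
    a=$(normalise_rules "$1") && b=$(normalise_rules "$2") || return 2
    [ "$a" = "$b" ]
}

# Constructed sample dump: the ruleset from post #8 in iptables-save format.
# $1 = output file, $2 = INPUT chain counters, $3 = INPUT chain policy
sample_dump() {
    cat > "$1" <<EOF
# Generated by iptables-save (constructed sample)
*filter
:INPUT $3 [$2]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [51:5514]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_dump "$tmp/saved"   "79:16099" DROP     # file written before the reboot
sample_dump "$tmp/running" "3:180"    DROP     # dump after reboot, new counters
sample_dump "$tmp/drifted" "3:180"    ACCEPT   # INPUT policy fell back to ACCEPT

rules_match "$tmp/saved" "$tmp/running" && echo "running: matches saved rules"
rules_match "$tmp/saved" "$tmp/drifted" || echo "drifted: differs from saved rules"

# On a live system (as root), instead of the samples:
#   iptables-save > /tmp/running.rules
#   rules_match /etc/iptables/rules.v4 /tmp/running.rules
# rules.v4 is an assumption here; use whatever file your boot scripts restore.
```

A non-zero status after a reboot means the boot-time restore did not load the file you saved, which is the symptom described in post #1.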
|
|
06-17-2014, 03:44 PM
|
#10
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
Thank you for your response.
|
|
|
06-18-2014, 07:29 AM
|
#11
|
LQ Newbie
Registered: Jun 2014
Posts: 4
Rep:
|
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
|
|
06-18-2014, 12:03 PM
|
#12
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
Quote:
Originally Posted by tairoylance112
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
Is this a more secure firewall?
Would it still allow me to ssh to my machine?
|
|
|
06-18-2014, 12:44 PM
|
#13
|
Member
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372
Rep:
|
No, it's a rubbish post, no comments, no relevance at all. The shown data is incomplete even. Just remain at what you have.
|
|
|
06-18-2014, 10:38 PM
|
#14
|
LQ Addict
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841
Original Poster
|
Quote:
Originally Posted by rhoekstra
No, it's a rubbish post, no comments, no relevance at all. The shown data is incomplete even. Just remain at what you have.
|
Thank you for your input especially since you told me my basics would suffice.
I will have to go back to man iptables to understand what they were referring to.
|
|
|