Old 06-11-2014, 11:38 PM   #1
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,841

Rep: Reputation: 649
Iptables won't save for next boot


During attempts to make my machine a DHCP server I realized that my default iptables were very insecure & have been trying to set up some rules for my iptables.
Upon completion I use the command
Code:
iptables-save -c
but upon reboot they go back to the default.
My system is Debian Wheezy.
Any help would be appreciated.
 
Old 06-12-2014, 02:26 AM   #2
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
Would this page help? http://www.thomas-krenn.com/en/wiki/...es_Permanently
 
Old 06-12-2014, 03:17 AM   #3
EDDY1
I have looked at that page but thought that since iptables have long been implemented that I should've been able to save without adding the iptables-persistent package.
Also I was trying to do it manually.
I also know there are some GUI programs for firewall but I'd like to know how to configure manually.
If all else fails I will add the iptables-persistent package, just for security purposes.
 
Old 06-12-2014, 03:37 AM   #4
rhoekstra
Iptables afaik has never had the possibility to store its rules persistently. It has always been a process of exporting current rules in a file to be imported at bootup.

iptables-save has always been the means to do so, wrapped in a script to be executed to save the rules.

---------- Post added 12-06-14 at 09:37 ----------

The page describes where to export the rules to, to be loaded at bootup I assume (not a Debian user, sorry)
 
Old 06-12-2014, 03:42 AM   #5
EDDY1
I'm new to iptables but you would think that if there is a default file that it would be edited directly, unless there are instances where you only want to allow something to pass thru only once.
Also the default upon reboot must be stored somewhere because it comes back even though you supposedly flushed it.
 
Old 06-12-2014, 03:58 AM   #6
rhoekstra
With Iptables, being 'in-kernel' only, it needs to be initialized at each bootup. Therefore, iptables-save provides the current ruleset to be stored in a file which can be read at boot again. The format is not really for manual editing, but it can be done.

The /etc/iptables/rules is that specific location where iptables-save output gets stored.
 
Old 06-12-2014, 05:05 AM   #7
EDDY1
Quote:
the /etc/iptables/rules is that specific location where iptables-save output gets stored.
Yes I was reading that part just recently & the file needs to be created as stated in the Debian wiki. https://wiki.debian.org/iptables
 
Old 06-14-2014, 02:36 PM   #8
EDDY1
Well I ended up installing iptables-persistent & have now saved a basic setup of iptables rules from this article.
http://wiki.centos.org/HowTos/Network/IPTables
And also saved using this one
http://www.thomas-krenn.com/en/wiki/...es_Permanently

This is the output of iptables -L -v
Quote:
Chain INPUT (policy DROP 79 packets, 16099 bytes)
pkts bytes target prot opt in out source destination
4 200 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 51 packets, 5514 bytes)
pkts bytes target prot opt in out source destination
Is there something that I should expand on?
 
Old 06-17-2014, 06:30 AM   #9
rhoekstra
Not really sure what you're pointing at...

It seems you have quite a simplistic, but functional, firewall setting like that. If the 'iptables-persistent' package makes it restore the settings after a reboot (e.g., just reboot, does 'iptables -Lv' show the same settings?), you're set. No need to 'expand' anything imo.
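
Added example, not part of any post in this thread: one way to do the after-reboot check suggested above without eyeballing `iptables -Lv`, by comparing the saved dump with a fresh `iptables-save` while ignoring counters and timestamps. The function names, the `RULES` placeholder and the sample dump (constructed from the counters shown in post #8) are assumptions.

```shell
#!/bin/sh
# Compare a saved iptables-save dump with the running ruleset.

# Constructed sample of `iptables-save -c` output for the ruleset in post #8.
sample_saved() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [79:16099]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [51:5514]
[4:200] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Drop comment lines and packet/byte counters so only policies and rules remain.
normalize_rules() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*] //' -e 's/ \[[0-9]*:[0-9]*]$//' "$1"
}

# Print the default policy of a built-in chain in the filter table.
chain_policy() {   # usage: chain_policy FILE CHAIN
    normalize_rules "$1" | awk -v c=":$2" '
        $1 == "*filter" { in_f = 1; next }
        $1 == "COMMIT"  { in_f = 0 }
        in_f && $1 == c { print $2; exit }'
}

# Return 0 when both dumps describe the same ruleset, non-zero otherwise.
rules_match() {    # usage: rules_match SAVED RUNNING
    a=$(normalize_rules "$1") && b=$(normalize_rules "$2") && [ "$a" = "$b" ]
}

# On a live host, as root (RULES is a placeholder for the file your
# boot-time restore actually reads):
#   iptables-save > /tmp/running.rules
#   rules_match "$RULES" /tmp/running.rules || echo "saved rules are stale"
#   [ "$(chain_policy "$RULES" INPUT)" = DROP ] || echo "INPUT is not default-deny"
```

A mismatch right after a reboot means the boot-time restore did not load the file; a mismatch later means the running rules were changed without being saved again.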
 
Old 06-17-2014, 03:44 PM   #10
EDDY1
Thank you for your response.
 
Old 06-18-2014, 07:29 AM   #11
tairoylance112
LQ Newbie
 
Registered: Jun 2014
Posts: 4

Rep: Reputation: 0
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 06-18-2014, 12:03 PM   #12
EDDY1
Quote:
Originally Posted by tairoylance112
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Is this a more secure firewall?
Would it still allow me to ssh to my machine?
 
Old 06-18-2014, 12:44 PM   #13
rhoekstra
No, it's a rubbish post, no comments, no relevance at all. The shown data is incomplete even. Just remain at what you have.
 
Old 06-18-2014, 10:38 PM   #14
EDDY1
Quote:
Originally Posted by rhoekstra
No, it's a rubbish post, no comments, no relevance at all. The shown data is incomplete even. Just remain at what you have.
Thank you for your input especially since you told me my basics would suffice.
I will have to go back to man iptables to understand what they were referring to.
 
  

