LinuxQuestions.org

qwertyjjj 11-25-2012 11:10 AM

how to save iptables commands?
 
If I issue a command like this rather than write it in the iptables file:
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT

how do I get that command to be automatically scripted to the iptables file in /etc/sysconfig/iptables?

deswarf 11-25-2012 11:20 AM

If I understood you right,
to save:
Code:

iptables-save > savefile
to restore, respectively:
Code:

iptables-restore < savefile
For doing it automatically, you could add the line
Code:

pre-up iptables-restore < savefile
in /etc/interfaces

qwertyjjj 11-25-2012 11:53 AM

Quote:

Originally Posted by deswarf (Post 4836657)
If I understood you right,
to save:
Code:

iptables-save > savefile
to restore, respectively:
Code:

iptables-restore < savefile
For doing it automatically, you could add the line
Code:

pre-up iptables-restore < savefile
in /etc/interfaces

Yes, but if you add a line using iptables on the command line, it doesn't write it into the iptables file.

deswarf 11-25-2012 12:05 PM

Code:

iptables-save > /etc/sysconfig/iptables
?

deswarf 11-25-2012 12:38 PM

Or do you need it to be written immediately, as soon as you press 'enter'?
Maybe then
Code:

ipt='iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT' ; eval "$ipt" ; echo "$ipt" >> /etc/sysconfig/iptables

fakie_flip 11-25-2012 12:41 PM

On a CentOS system, edit

/etc/sysconfig/iptables

then to make your changes take effect

iptables-restore < /etc/sysconfig/iptables

This file exists in my Fedora system as well.

deswarf 11-25-2012 01:28 PM

Quote:

Originally Posted by deswarf (Post 4836706)
Or do you need it to be written immediately, as soon as you press 'enter'?
Maybe then
Code:

ipt='iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT' ; eval "$ipt" ; echo "$ipt" >> /etc/sysconfig/iptables

The same could be done by writing a script like this, named for example iptwr.sh:
Code:

#!/bin/bash
# Read one iptables command per line, run it, and record it if it succeeded.
echo "input iptables rule"
while true
do
    # Stop at end of input instead of looping forever.
    read -r ipt || break
    eval "$ipt"
    err=$?
    if [ $err -ne 0 ]
    then
        echo "error code $err"
    else
        echo "$ipt" >> /etc/sysconfig/iptables
        echo "OK, next rule"
    fi
done

Simply start it with the ./iptwr.sh command and type your rule. The script will execute and check the rule after you press ENTER, and write it to /etc/sysconfig/iptables if it's OK, or return an error code.

qwertyjjj 11-25-2012 03:50 PM

What if you have already used a command like
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

How do you get that written to the file just by saving it?

deswarf 11-25-2012 04:20 PM

Quote:

Originally Posted by qwertyjjj (Post 4836817)
What if you have already used a command like
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

How do you get that written to the file just by saving it?

I'm afraid that I did not get your question...:confused:
If you're asking about the command for adding the lines to the file, then it is done in the script with $ipt >> /etc/sysconfig/iptables
It simply adds the line at the end of that file. Or would you like to have a more complicated script that doesn't add commands that are already written?

But if that line is not written yet then you do need to iptables-save > /etc/sysconfig/iptables

chrism01 11-26-2012 12:26 AM

On CentOS

1. cp /etc/sysconfig/iptables /etc/sysconfig/iptables.YYYYMMDD_HHMM
2. vi /etc/sysconfig/iptables
3. service iptables restart

(Strictly speaking iptables isn't a service, but the functionality is there to treat it as such)
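
Added example, not part of any post in this thread: /etc/sysconfig/iptables is loaded with iptables-restore, so a saved rule has to sit inside its table block before COMMIT, written without the leading `iptables`, rather than be appended to the end of the file as a command. The hypothetical `persist_rule` helper below makes that edit with a timestamped backup and skips a rule that is already in the file; `make_sample` writes a constructed ruleset to try it on.

```shell
#!/bin/sh
# Added example, not code from the thread. persist_rule and make_sample are
# hypothetical helpers; the ruleset below is a constructed sample.
make_sample() {   # write a small iptables-save style file to $1
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# persist_rule FILE TABLE RULE...   (RULE = the command minus "iptables")
persist_rule() {
    pr_file=$1 pr_table=$2; shift 2
    pr_rule="$*"
    # Already saved? Textual match only: iptables-save may normalise a rule
    # (for example by adding "-m tcp"), so a reworded duplicate is not caught.
    if RULE="$pr_rule" awk -v t="*$pr_table" '
        $0 == t        { in_t = 1; next }
        $0 == "COMMIT" { in_t = 0 }
        in_t && $0 == ENVIRON["RULE"] { found = 1 }
        END { exit !found }' "$pr_file"; then
        return 0
    fi
    pr_tmp=$(mktemp "$pr_file.XXXXXX") || return 1
    # Rules go inside the table block, before its COMMIT line.
    if ! RULE="$pr_rule" awk -v t="*$pr_table" '
        $0 == t { in_t = 1 }
        in_t && $0 == "COMMIT" { print ENVIRON["RULE"]; in_t = 0; added = 1 }
        { print }
        END { exit !added }' "$pr_file" > "$pr_tmp"; then
        rm -f "$pr_tmp"; return 1      # table not present in FILE
    fi
    # Timestamped backup, then overwrite in place to keep owner and mode.
    cp -p "$pr_file" "$pr_file.$(date +%Y%m%d_%H%M)" && cat "$pr_tmp" > "$pr_file"
    pr_rc=$?; rm -f "$pr_tmp"; return "$pr_rc"
}

# Run as a script: ./persist_rule.sh FILE TABLE RULE...
if [ "$#" -ge 3 ]; then persist_rule "$@"; fi
```

After an edit, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without committing it, and `service iptables restart` loads it.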

fakie_flip 11-26-2012 12:54 AM

Using CentOS with Plesk? Plesk is a virus for Linux. So is CPanel.

