Linux - Newbie: This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
If the server restarts, does the information in iptables get lost?
I have seen a number of pages where people recommend re-adding lines or creating bash scripts to get it to work again.
What about files like squid.conf, ncsa_auth files, etc.?
Anything that's a .conf file is a text file, usually configured by the human, and will remain unchanged during reboot.
Iptables however has its running configuration stored in the kernel-space somewhere (in memory) so yes, it does get wiped during reboot, and needs to be restored after boot. Iptables includes a few tools to do this, one of which (important) is the command `iptables-restore`.
You would have typically one of two or three common means of setting up your iptables after a boot:
1) Have an iptables "script" file, which you would implement with the `iptables-restore` command. The "script" I refer to can be created using `iptables-save > somefile` to dump your running configuration to a file.
2) Have a (bash or other scripting language) firewall script, which reads its configuration file(s) and then sets up iptables.
3) OR, have a bash script (or other language) which actually runs a series of "iptables -A" commands directly, putting in place the chains & filters that you want.
Check the iptables man page -- it's very complete, but can be confusing -- or try HERE for what I have found to be a really handy breakdown of how to do lots of iptables stuff. Sections 8.3 and 8.4 talk about iptables-save/restore.
Sasha
Last edited by GrapefruiTgirl; 08-09-2009 at 08:59 AM.
Will this work in CentOS?
/etc/init.d/iptables save
One document said to do this:
Quote:
Example
For example, save current iptables firewall rules:
# iptables-save > /root/dsl.fw
To restore iptables rules:
# iptables-restore < /root/dsl.fw
Redhat/Fedora core linux
To restore rules automatically upon Linux system reboot add following command to your /etc/rc.local (if you are using Fedora or Red Hat Linux):
# vi /etc/rc.local
Append the line:
iptables-restore < /root/dsl.fw
Assuming that the symlink /etc/init.d/iptables exists, then yes, it should work. However, note in the Example you quoted, you need to use a redirect > to direct the save into a file. This file is then used to restore the identical configuration later.
I can't speak directly about how a CentOS server/system is configured, but the iptables program(s) work the same, regardless of the Linux; it's just the locations of the binarie(s) and the individual init script locations that may differ.
Sasha
Ok.
So, what's the difference between running this:
/etc/init.d/iptables save
and this:
# iptables-save > /root/dsl.fw
To restore rules automatically upon Linux system reboot add following command to your /etc/rc.local (if you are using Fedora or Red Hat Linux):
# vi /etc/rc.local
Append the line:
iptables-restore < /root/dsl.fw
The first one just seems to be an auto command, yet the 2nd you have to save a file and then change a system file.
You'd need to look on your own system, and see exactly what is the file /etc/init.d/iptables. It's probably a symlink. And without specifying a file or location to save *to*, I have no clue *where* the saved data will go.
Its end result is otherwise exactly the same as the iptables-save > /root/dsl.fw except here, we see the data being saved to the file dsl.fw.
rc.local is an init script, executed as root during boot of the machine. In it, the user (you) can put stuff that is not default system configuration stuff, but which you would like to run at the end of the boot process. I use it to execute my firewall, run hdparm, modprobe a modem driver, and stuff like this. It is technically a 'system file' but it is there for your own custom config options.
There's a similar file you can use, called rc.local.shutdown where you can put stuff that you want executed automatically during shutdown too.
The line you put up there which is iptables-restore < /root/dsl.fw just causes the iptables configuration to be restored during boot.
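An added example, not code from this thread or from any of its posters: a small POSIX shell script that sanity-checks an iptables-save dump before an rc.local line like `iptables-restore < /root/dsl.fw` feeds it to the kernel at boot. A dump that was truncated (disk full, interrupted save) or that sets a DROP policy with no admin-access rule will either fail to load, leaving the host with no rules, or lock you out of a remote box. The two sample dumps are constructed here, and the `check_rules` / `restore_rules` functions and the ssh-access rule of thumb are my own assumptions about what a usable dump must contain.

```shell
#!/bin/sh
# Added example: validate an iptables-save dump before iptables-restore
# loads it at boot. The samples below are constructed, not captured
# from a real host.

# Constructed sample of a complete iptables-save dump.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed (constructed sample)'

# Constructed sample of the same dump cut off before COMMIT,
# as a partial write to the file would leave it.
TRUNCATED_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT'

# check_rules FILE: return 0 if FILE looks like a dump that is safe to
# restore unattended, 1 (with a reason on stderr) otherwise.
check_rules() {
    f="$1"
    [ -s "$f" ] || { echo "check_rules: empty or missing: $f" >&2; return 1; }

    # Every table block (*filter, *nat, ...) must be closed by its own COMMIT;
    # a mismatch means the dump was cut off part-way.
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] || { echo "check_rules: no table block in $f" >&2; return 1; }
    [ "$tables" -eq "$commits" ] || {
        echo "check_rules: $tables table(s) but $commits COMMIT line(s) in $f" >&2
        return 1
    }

    # The filter table must carry an explicit INPUT policy.
    grep -Eq '^:INPUT (ACCEPT|DROP) ' "$f" || {
        echo "check_rules: no INPUT policy in $f" >&2; return 1
    }

    # Assumed local rule: a default-DROP INPUT chain restored at boot must
    # still admit ssh, or a remote admin is locked out after reboot.
    if grep -q '^:INPUT DROP ' "$f" && \
       ! grep -Eq -- '^-A INPUT .*--dport 22 .*-j ACCEPT' "$f"; then
        echo "check_rules: INPUT DROP without an ssh ACCEPT rule in $f" >&2
        return 1
    fi
    return 0
}

# restore_rules FILE: the rc.local step from the thread, guarded by the
# check above. Needs root and a real iptables; not called in this script.
restore_rules() {
    check_rules "$1" || return 1
    iptables-restore < "$1"
}

# Stand-alone demonstration on the two constructed dumps.
good=$(mktemp) && printf '%s\n' "$SAMPLE_RULES" > "$good"
bad=$(mktemp) && printf '%s\n' "$TRUNCATED_RULES" > "$bad"
if check_rules "$good"; then echo "complete dump: OK to restore"; fi
if check_rules "$bad"; then echo "truncated dump: OK?!"; else echo "truncated dump: rejected"; fi
rm -f "$good" "$bad"
```

On a CentOS/Red Hat box the same check can be pointed at /etc/sysconfig/iptables, the file the `service iptables save` step writes, before `service iptables start` reads it.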
In Centos (RedHat for the poor) your /etc/init.d/iptables save will put the config file into /etc/sysconfig/iptables.
If you've run service iptables on that is all you need to do. While there's nothing wrong with your way of doing things it would make sense to stick with the methodology of the distro you're using.
Cheers,
Tink
service iptables on or service iptables start?
I have run iptables restart a few times to flush after adding new rules so is that the same thing?
So, using this method there is no need to save the settings anywhere?
The same rules will be used even if the server is restarted?