LinuxQuestions.org
Old 09-01-2003, 05:41 PM   #1
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
how to get iptables to load rules on startup ?


OK, I've read everything, got a good few rules working and saved them using iptables-save > /iptrules

I know I can load it again with
cat /iptrules | iptables-restore

but how can I set it up so that iptables loads that on bootup?

Every time I restart, iptables is using the default Accept policy on everything and minimal rules.

thanX.
 
Old 09-01-2003, 08:26 PM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
You can put the command in /etc/rc.d/rc.local and it will execute on startup. If you want to be really paranoid, you can find the script that sets up and starts your ethernet connection and put the lines there (on my system that is /etc/rc.d/rc.inet1) before the ethernet connection is set up.
 
Old 09-01-2003, 10:15 PM   #3
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
Rather than clogging up files with iptables rules, make it its own script (some use rc.firewall, mine is firewall.sh), and rather than fill up a file that can be used for other things, you can just call your firewall script.

In my rc.local I have:

sh /etc/firewall.sh

as an example.
 
Old 09-02-2003, 06:49 AM   #4
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
It's only a one-liner....
cat /iptables | iptables-restore

so I might as well just slap it in.

When ip booting (just before the loopback interface is brought up)
I get messages that iptables is being flushed and restored...

So when does this rc.local script execute?
If it's before the loopback comes online, it's just going to flush iptables anyway.

And since iptables always has some simple rules in it when I've booted, there must be an existing rule file somewhere?

I'd prefer to directly change that if it's possible, any ideas?
 
Old 09-02-2003, 07:27 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
I guess I've always worked off of separate iptables script files like Robert suggested rather than messing around with iptables-save and iptables-restore. I've got about 4 scripts for various purposes (usually opening and closing specific ports that I don't want open all the time). If I'm reading the iptables-save and -restore man pages correctly, they are just reading from either a file or standard input/output. There doesn't seem to be a default file that it is reading from. That said, you may want to go wandering through the scripts in /etc/rc.d and look for where iptables is being called. That should clear up why you're seeing the messages you are during boot up.

Finally, rc.local is the last thing run during the boot. That's why I suggested looking in the rc.inet1 file and putting your line in there. I see no reason why you should have a live connection that doesn't have a firewall, even if only for a few seconds.
 
Old 09-02-2003, 09:48 AM   #6
mychl
Member
 
Registered: Jul 2001
Location: Earth
Posts: 164

Rep: Reputation: 30
I always use a custom script as well. Then you only have to worry about one file.

I call my script iptables, put it in /etc/init.d/ and make symlinks to it in /etc/rc.d/rc3.d

I make sure it loads before the network script loads, that way the firewall is in place before the network comes up.

Check my sig for the script, feel free to give it a try. You get much better control of what's going on in your system. Also, if you need to make changes remotely, you have much better access to a simple script than some RH interface.

my 2 cents
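
Added example, not part of any post in this thread: a small check for the two things discussed above, whether the firewall link in a runlevel directory starts before the network link, and whether a saved iptables-save file still leaves a filter chain at policy ACCEPT. The link names `iptables` and `network`, the `S??name` naming, and the script name `bootcheck.sh` are assumptions; adjust them to your distribution.

```shell
#!/bin/sh
# Added example: audit SysV start order and a saved rule set's default policies.
# Assumption: rc starts the S* links of a runlevel directory in C-locale glob
# order, so S08iptables runs before S10network. Link names are hypothetical.
LC_ALL=C; export LC_ALL

# Print the 1-based start position of the S??<name> link in directory $1.
start_position() {
    dir=$1; name=$2; pos=0
    for link in "$dir"/S*; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        pos=$((pos + 1))
        case ${link##*/} in
            S[0-9][0-9]"$name") echo "$pos"; return 0 ;;
        esac
    done
    return 1
}

# 0: firewall starts first; 1: network starts first;
# 2: firewall link missing; 3: network link missing (cannot tell).
firewall_before_network() {
    fw=$(start_position "$1" "$2") || return 2
    net=$(start_position "$1" "$3") || return 3
    [ "$fw" -lt "$net" ]
}

# List filter-table chains whose default policy is ACCEPT in an iptables-save
# dump (policy lines look like ":INPUT ACCEPT [0:0]").
accept_policies() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "filter" && /^:(INPUT|FORWARD|OUTPUT) ACCEPT/ { print substr($1, 2) }' "$1"
}

# Constructed demo: a fake runlevel directory where the firewall starts late.
demo() {
    d=$(mktemp -d); touch "$d/S10network" "$d/S99iptables"
    firewall_before_network "$d" iptables network; rc=$?
    rm -rf "$d"; return "$rc"
}

# Usage: sh bootcheck.sh /etc/rc.d/rc3.d /iptrules   (paths from the thread)
if [ $# -eq 2 ]; then
    firewall_before_network "$1" iptables network ||
        echo "WARNING: firewall does not start before the network (code $?)"
    for chain in $(accept_policies "$2"); do
        echo "WARNING: saved rules leave $chain policy at ACCEPT"
    done
fi
```
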
 
  

