Linux - Security forum, LinuxQuestions.org
09-01-2003, 05:41 PM, #1
LQ Guru (Registered: Apr 2003; Location: nottingham england; Distribution: Gentoo; Posts: 2,672)
how to get iptables to load rules on startup?
OK, I've read everything, got a good few rules working and saved them using iptables-save > /iptrules
I know I can load it again with
cat /iptrules | iptables-restore
but how can I set it up so that iptables loads that on bootup?
Every time I restart, iptables is using the default ACCEPT policy on everything and minimal rules.
thanX.
09-01-2003, 08:26 PM, #2
LQ Veteran (Registered: Feb 2003; Location: Maryland; Distribution: Slackware; Posts: 7,803)
You can put the command in /etc/rc.d/rc.local and they will execute on startup. If you want to be really paranoid, you can find the script that sets up and starts your ethernet connection and put the lines there (on my system that is /etc/rc.d/rc.inet1) before the ethernet connection is set up.
09-01-2003, 10:15 PM, #3
LQ Guru (Registered: Apr 2002; Location: Atlanta; Distribution: Gentoo; Posts: 1,280)
Rather than clogging up files with iptables rules, make it its own script (some use rc.firewall, mine is firewall.sh), and rather than filling up a file that can be used for other things, you can just call your firewall script.
In my rc.local I have:
sh /etc/firewall.sh
as an example.
09-02-2003, 06:49 AM, #4
LQ Guru, Original Poster (Registered: Apr 2003; Location: nottingham england; Distribution: Gentoo; Posts: 2,672)
It's only a one-liner...
cat /iptables | iptables-restore
so I might as well just slap it in.
When I'm booting (just before the loopback interface is brought up) I get messages that iptables is being flushed and restored...
So when does this rc.local script execute?
If it's before the loopback comes online, it's just going to flush iptables anyway.
And since iptables always has some simple rules in it when I've booted, there must be an existing rule file somewhere?
I'd prefer to directly change that if it's possible. Any ideas?
09-02-2003, 07:27 AM, #5
LQ Veteran (Registered: Feb 2003; Location: Maryland; Distribution: Slackware; Posts: 7,803)
I guess I've always worked off of separate iptables script files like Robert suggested rather than messing around with iptables-save and iptables-restore. I've got about 4 scripts for various purposes (usually opening and closing specific ports that I don't want open all the time). If I'm reading the iptables-save and -restore man pages correctly, they are just reading from either a file or standard input/output. There doesn't seem to be a default file that it is reading from. That said, you may want to go wandering through the scripts in /etc/rc.d and look for where iptables is being called. That should clear up why you're seeing the messages you are during boot up.
Finally, rc.local is the last thing run during the boot. That's why I suggested looking in the rc.inet1 file and putting your line in there. I see no reason why you should have a live connection that doesn't have a firewall, even if only for a few seconds.
09-02-2003, 09:48 AM, #6
Member (Registered: Jul 2001; Location: Earth; Posts: 164)
I always use a custom script as well. Then you only have to worry about one file.
I call my script iptables, put it in /etc/init.d/ and make symlinks to it in /etc/rc.d/rc3.d.
I make sure it loads before the network script loads; that way the firewall is in place before the network comes up.
Check my sig for the script, feel free to give it a try. You get much better control of what's going on in your system; also, if you need to make changes remotely, you have much better access to a simple script than some RH interface.
My 2 cents.
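An added example, not any poster's script and not the sig script mentioned above: a small init-style firewall script of the kind posts #3, #5 and #6 describe. It restores an iptables-save file at boot the way the OP's `cat /iptrules | iptables-restore` does, but checks the file first (readable, not world-writable, every table header closed by a COMMIT) and fails closed if the check fails, instead of leaving the kernel's default ACCEPT policy that post #1 complains about. The path /etc/iptables.rules and the variable names are assumptions; running it before the network script is left to the rc symlink ordering, as post #6 says.

```shell
#!/bin/sh
# /etc/init.d/firewall (assumed path): restore saved iptables rules at boot.
# Added example, not one of the posters' scripts. Symlink it into rcN.d so it
# runs before the network script; the distro's rc mechanism decides the order.

RULES_FILE=${RULES_FILE:-/etc/iptables.rules}          # output of iptables-save (assumed path)
IPTABLES=${IPTABLES:-/sbin/iptables}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}

# Print the default policy recorded for chain $2 in the *filter table of the
# saved file $1 (empty if the chain has no policy line there). Restricting
# the match to the filter table matters because nat also has an INPUT chain.
chain_policy() {
    awk -v chain=":$2" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == chain { print $2; exit }
    ' "$1"
}

# Sanity-check a saved rules file before handing it to iptables-restore.
# Returns 0 if it looks like complete iptables-save output that only the
# owner could have modified; anything else and we refuse to load it.
validate_rules_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "firewall: $f missing or unreadable" >&2; return 1; }
    # A world-writable rules file lets any local user rewrite the firewall
    # that gets installed at the next boot (ls column 9 is the other-write bit).
    case "$(ls -ld "$f")" in
        ????????w*) echo "firewall: $f is world-writable, refusing" >&2; return 1 ;;
    esac
    # Every table header (*filter, *nat, ...) must be closed by a COMMIT;
    # iptables-restore rejects an unterminated table, and checking up front
    # means we never start a restore that cannot finish.
    tables=$(grep -c '^\*' "$f" || :)
    commits=$(grep -c '^COMMIT$' "$f" || :)
    [ "$tables" -gt 0 ] || { echo "firewall: $f has no table header" >&2; return 1; }
    [ "$tables" -eq "$commits" ] || { echo "firewall: $f: $tables table(s) but $commits COMMIT(s)" >&2; return 1; }
    grep -q '^\*filter$' "$f" || { echo "firewall: $f has no filter table" >&2; return 1; }
    return 0
}

# Install the saved rule set. If the file fails validation, do NOT leave the
# kernel's default ACCEPT policy in place (the situation post #1 describes):
# drop everything except loopback until an administrator fixes the file.
firewall_start() {
    if ! validate_rules_file "$RULES_FILE"; then
        echo "firewall: failing closed" >&2
        "$IPTABLES" -P INPUT DROP
        "$IPTABLES" -P FORWARD DROP
        "$IPTABLES" -A INPUT -i lo -j ACCEPT
        return 1
    fi
    # iptables-restore reads the file on stdin and replaces each table with
    # the saved rules at its COMMIT: the same as "cat file | iptables-restore".
    "$IPTABLES_RESTORE" < "$RULES_FILE" || return 1
    # A file that still records ":INPUT ACCEPT" restores fine but reproduces
    # the open default the OP was complaining about, so say so.
    if [ "$(chain_policy "$RULES_FILE" INPUT)" = ACCEPT ]; then
        echo "firewall: warning: $RULES_FILE leaves the INPUT policy at ACCEPT" >&2
    fi
    return 0
}

# Show the live rule set; this is what you check over a remote session
# after a change (post #6's point about remote access).
firewall_status() {
    "$IPTABLES" -L -n -v
}

case ${1:-} in
    start)  firewall_start ;;
    status) firewall_status ;;
esac
```

To try it on a real box, save the running rules with `iptables-save > /etc/iptables.rules`, `chmod 600` that file, and run the script with `start`; `RULES_FILE`, `IPTABLES` and `IPTABLES_RESTORE` can be overridden from the environment, which is also how the functions can be exercised without touching the live firewall.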