IPTables: config files, scripts, saving etc...confused
Back everyone, with, I'm hoping, a rather simple answer to my question.
Been wrapping my head around IPTables for 2 weeks now, and finally have been able to get a few rules the way I like. However, I am confused on a few things. Let me explain. Currently working with Fedora Core 3.

Now, adding rules via the command line is simple enough. Saving the rules is just a matter of: service iptables save, which saves the rules to a file: /etc/sysconfig/iptables

Now, where I am a bit lost is in the use of variables. For instance, I am going to be setting up a multi-homed firewall with iptables. It will use a DMZ and private LAN. With that, I need to somehow specify the interfaces and IP address for each one in my rules. But I'm confused. So how does one actually add variables to my rulesets? Can it be done via the command line? Can I edit /etc/init/iptables? Or maybe edit /etc/sysconfig/iptables? I'm just confused on how to put in my variables for IPTables to use. If it calls for scripting, boy, I need to break out the books. It's been awhile. Hopefully, someone can clear this up for me. I appreciate it.

Tarballed
Don't touch the "/etc/sysconfig/iptables" or "/etc/init.d/iptables" files unless you know what you're doing. You can create a simple script, then save the changes to the appropriate files.
The script can be placed anywhere on your system as a standard file, then do "chmod +x scriptname" to make it executable. It can be executed by "./scriptname" or "/directory/names/scriptname". You can't simply type "scriptname" if you're in the same directory. The variables are used inside the script where you would want to use a certain value more than once, so if you used "eth0" a few times your script might look like:

Code:
# EXAMPLE ONLY

Remember, basic shell scripting is just adding a bunch of commands into a file that you can simply type at the command prompt one after the other; it just automates it.

Miles
I do all firewall rules from a script.
Then make sure the script executes at boot up time. The first rule is iptables -F, then I can create any variable I want in that script. Example:

iface=eth0
xpbox=192.168.0.1
iptables -A INPUT -i $iface -s $xpbox -p tcp -j ACCEPT

Ok, stupid as a first rule, but it is there as an example.
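The two replies above describe the same approach: keep every interface and address in a shell variable, flush, then add rules. Here is an added example of such a script for the multi-homed DMZ/LAN layout the question describes (written for this thread, not taken from any poster); the interface names, networks and the DMZ web server address are placeholder assumptions, and DRY_RUN=1 prints the rules instead of applying them so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout (placeholders):
#   eth0 = WAN (Internet), eth1 = private LAN, eth2 = DMZ.
# Usage: sh firewall.sh print   (review rules)   |   sh firewall.sh apply

WAN_IF=eth0
LAN_IF=eth1
DMZ_IF=eth2
LAN_NET=192.168.1.0/24
DMZ_NET=10.0.0.0/24
DMZ_WEB=10.0.0.10          # assumed web server in the DMZ

# Wrapper: print the command when DRY_RUN=1, otherwise run iptables.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Clean slate, then default-deny so only explicit rules pass.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback and replies to connections we already allowed.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH to the firewall only from the private LAN, on the LAN interface.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    # LAN may reach the Internet and the DMZ; the DMZ may not start
    # connections into the LAN (a compromised DMZ host stays contained).
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$DMZ_NET" -j ACCEPT
    ipt -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP
    # From outside, only the DMZ web server is reachable, and only on HTTP.
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_WEB" -p tcp --dport 80 -j ACCEPT
}

case "${1:-}" in
    print) DRY_RUN=1; build_rules ;;
    apply) build_rules ;;
esac
```

After "apply", run "service iptables save" as the original post does; the variables themselves are not saved, only the resulting rules.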
Got it.
Not only do I need to put in my iptables rules, but I cannot leave out the modules to be loaded as well. Once the script is executed, should work then. Thanks guys.
If you create your firewall script, then execute it, then save it; the module loading does not get saved in "/etc/sysconfig/iptables".
If you plan on using initscripts to handle your iptables (perfectly ok), then you should manually add the modules you need to "/etc/sysconfig/iptables-config".

Miles.