09-11-2007, 09:25 PM
|
#1
|
Senior Member
Registered: Apr 2003
Posts: 3,695
Rep:
|
Where is iptables config file
Hi folks,
Ubuntu 7.04 server amd64
Where is iptables config file?
satimis@ubuntu:~$ sudo find / -name iptables.conf
satimis@ubuntu:~$ sudo find / -name iptables-rules
both w/o printout
satimis@ubuntu:~$ which iptables
/sbin/iptables
TIA
satimis
|
|
|
09-11-2007, 10:14 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
There's no default. You can set your iptables config anywhere you want. Add a "pre-up" line to your /etc/network/interfaces file, calling the iptables-restore command. Say you choose /etc/example.txt - in your /etc/network/interfaces file you'd have a line like:
Code:
pre-up iptables-restore < /etc/example.txt
This loads the iptables config before the network interfaces are put online. BTW, make sure you never edit your config file manually. Populate it with an iptables-save command, like:
Code:
iptables-save > /etc/example.txt
Last edited by win32sux; 10-14-2007 at 05:06 PM.
|
|
|
09-12-2007, 11:41 AM
|
#3
|
Senior Member
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797
|
Best chance is in /etc or one of its subdirectories. Run one of the following commands (while in /etc) to find it:
Code:
sudo grep -R iptables *
grep -R iptables * 2>/dev/null
The latter suppresses error messages like 'Permission denied' if you run grep as a normal user.
As far as I remember, there is a good chance that it's a script and not a simple config file.
|
|
|
09-12-2007, 11:49 AM
|
#4
|
Senior Member
Registered: Apr 2003
Posts: 3,695
Original Poster
Rep:
|
Quote:
Originally Posted by Wim Sturkenboom
Best chance is in /etc or one of its subdirectories. Run one of the following commands (while in /etc) to find it:
Code:
sudo grep -R iptables *
grep -R iptables * 2>/dev/null
The latter suppresses error messages like 'Permission denied' if you run grep as a normal user.
As far as I remember, there is a good chance that it's a script and not a simple config file.
|
satimis@ubuntu:~$ cd /etc
satimis@ubuntu:/etc$ sudo grep -R iptables *
Password:
Code:
bash_completion:# Linux iptables(8) completion
bash_completion:have iptables &&
bash_completion:_iptables()
bash_completion: COMPREPLY=( $( compgen -W '`iptables $table -nL | \
bash_completion: `iptables $table -nL | sed -ne "$chain" \
bash_completion: MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
bash_completion: MARK TOS `iptables $table -nL | sed -ne "$chain" \
bash_completion:complete -F _iptables iptables
Tks
B.R.
satimis
|
|
|
09-12-2007, 11:25 PM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Guys, for there to be a "default config location" you'd first need something like a startup/shutdown iptables script in /etc/init.d from which said config file would be referenced. Then, wherever that script expects to find the iptables config could be considered "the default config location". But because Ubuntu doesn't have a startup/shutdown script for iptables, there is no default iptables config location.
Ubuntu provides you with the three iptables binaries (iptables, iptables-save, and iptables-restore) to work with. They don't have a default location where they look for files (don't confuse the binaries with the scripts they get called from). The save/restore binaries need you to specify where you want to save to or restore from. On other distros this typically isn't as obvious because it's done in the startup/shutdown script, so you basically just know you need to do a "service iptables restart" (or whatever) and whatever location is set in the script (the "default") is used.
If you want to keep things familiar to yourself just set the config file to be the same as it is in your most familiar distro. You could use the method I posted above, or create your own iptables startup/shutdown script in /etc/init.d and make the necessary links using update-rc.d. For the script, you could use one from another distro - you'll only need to do minor modifications.
Whatever you choose, make sure the iptables rules get executed before the NIC(s) are loaded. This is for security reasons, as if not then you are creating a window of opportunity while your firewall is activated. It's a common newbie mistake, just look at how many people have iptables scripts in their rc.local file.
Last edited by win32sux; 09-13-2007 at 02:29 AM.
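Added example, not part of the thread: a POSIX shell check for the boot-time ordering described in posts #2 and #5. It reports whether an interfaces file restores a saved ruleset in a pre-up line and whether an rc.local script loads rules only after the network is up. The function names and all sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): audit where iptables rules are loaded at boot.

# Print the file named by each "pre-up iptables-restore < FILE" line in $1.
preup_rule_files() {
    sed -n 's/^[[:space:]]*pre-up[[:space:]].*iptables-restore[[:space:]]*<[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Succeed if a non-comment line of $1 invokes iptables (runs after the NICs are up).
loads_rules_late() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'iptables'
}

# $1 = interfaces file, $2 = rc.local file. Prints findings, returns the problem count.
audit_fw_boot() {
    problems=0
    files=$(preup_rule_files "$1")
    [ -n "$files" ] || { echo "WARN: no pre-up iptables-restore line in $1"; problems=$((problems + 1)); }
    for f in $files; do
        if [ ! -s "$f" ]; then
            echo "WARN: $f is missing or empty"; problems=$((problems + 1))
        elif ! grep -q '^COMMIT$' "$f"; then
            echo "WARN: $f has no COMMIT line, so it is not iptables-save output"; problems=$((problems + 1))
        else
            echo "OK: $f is restored before the interface comes up"
        fi
    done
    if [ -f "$2" ] && loads_rules_late "$2"; then
        echo "WARN: $2 calls iptables after the network is already up"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files, so the demo runs offline and touches nothing in /etc.
demo_dir=$(mktemp -d)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    'COMMIT' > "$demo_dir/example.txt"
printf '%s\n' 'auto eth0' 'iface eth0 inet dhcp' \
    "    pre-up iptables-restore < $demo_dir/example.txt" > "$demo_dir/interfaces.good"
printf '%s\n' 'auto eth0' 'iface eth0 inet dhcp' > "$demo_dir/interfaces.bad"
printf '%s\n' '#!/bin/sh' '# load firewall' 'iptables-restore < /etc/example.txt' 'exit 0' > "$demo_dir/rc.local.bad"
printf '%s\n' '#!/bin/sh' 'exit 0' > "$demo_dir/rc.local.ok"

audit_fw_boot "$demo_dir/interfaces.good" "$demo_dir/rc.local.ok" || true
audit_fw_boot "$demo_dir/interfaces.bad" "$demo_dir/rc.local.bad" || true
```

On a real host, pass /etc/network/interfaces and /etc/rc.local as the two arguments.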
|
|
|
All times are GMT -5.