From LedHed's Wiki
Latest revision as of 08:30, 29 December 2007
Reference: http://ubuntuforums.org/showthread.php?t=57111
By default Ubuntu and Debian don't ship an iptables init script, and rules added with the iptables command live only in the running kernel, so they are gone after a reboot.
There are many ways to load your iptables rulesets at boot; this is one approach.
Overview
1. Add rules to iptables from the command line.
2. Save the running ruleset to a file so it survives a reboot.
3. Install an init script that restores the saved ruleset at the chosen run-levels.
Adding Rules
For more info on adding IPTable Rules see IPTable Basics
Saving the Rulesets
iptables-save > /etc/default/iptables-rules
This takes the ruleset currently loaded in the kernel and writes it to the file the init script restores from later. Once the script below is installed, use /etc/init.d/iptables save instead: it writes the same file but adds -c so the packet and byte counters are kept as well. Keep the file owned by root and not writable by anyone else, because everything in it is applied as root at boot without any checks.
The Script
Paste the following code into /etc/init.d/iptables. Two things to know before you rely on it: stop flushes every table and sets every built-in policy to ACCEPT, so a "stopped" firewall is a fully open host, not a closed one; and restart flushes the rules but leaves the policies alone, so if the restore then fails (a truncated or corrupted rules file, for example) a DROP policy with no rules is what remains, and on a remote box that locks you out. Test restart from the console, or with a fallback reload scheduled, before trusting it over SSH.
#! /bin/sh
#This is an Ubuntu adapted iptables script from gentoo
#(http://www.gentoo.org) which was originally distributed
#under the terms of the GNU General Public License v2
#and was Copyrighted 1999-2004 by the Gentoo Foundation
#
#This adapted version was intended for an ad-hoc personal
#situation and as such no warranty is provided.

. /lib/lsb/init-functions

IPTABLES_SAVE="/etc/default/iptables-rules"
SAVE_RESTORE_OPTIONS="-c"   # -c: save and restore packet/byte counters as well

# Refuse to start when no saved ruleset exists yet.
checkrules() {
        if [ ! -f ${IPTABLES_SAVE} ]
        then
                echo "Not starting iptables. First create some rules then run"
                echo "\"/etc/init.d/iptables save\""
                return 1
        fi
}

# Dump the running ruleset (all tables) to the rules file.
save() {
        /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
        return $?
}

# Load the rules file into the kernel, replacing whatever is loaded now.
start(){
        checkrules || return 1
        /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
        return $?
}

case "$1" in
        save)
                echo -n "Saving iptables state..."
                save
                if [ $? -eq 0 ] ; then
                        echo " ok"
                else
                        echo " error !"
                fi
                ;;
        start)
                log_begin_msg "Loading iptables state and starting firewall..."
                start
                log_end_msg $?
                ;;
        stop)
                log_begin_msg "Stopping firewall..."
                # Flush and delete every chain in every loaded table, then reset
                # all built-in policies to ACCEPT: after this the host is wide open.
                # The table names are compared with a single "=": the "==" used in
                # the script as originally posted is a bashism that fails under
                # dash, which is /bin/sh on Ubuntu.
                for a in `cat /proc/net/ip_tables_names`; do
                        /sbin/iptables -F -t $a
                        /sbin/iptables -X -t $a

                        if [ "$a" = nat ]; then
                                /sbin/iptables -t nat -P PREROUTING ACCEPT
                                /sbin/iptables -t nat -P POSTROUTING ACCEPT
                                /sbin/iptables -t nat -P OUTPUT ACCEPT
                        elif [ "$a" = mangle ]; then
                                /sbin/iptables -t mangle -P PREROUTING ACCEPT
                                /sbin/iptables -t mangle -P INPUT ACCEPT
                                /sbin/iptables -t mangle -P FORWARD ACCEPT
                                /sbin/iptables -t mangle -P OUTPUT ACCEPT
                                /sbin/iptables -t mangle -P POSTROUTING ACCEPT
                        elif [ "$a" = filter ]; then
                                /sbin/iptables -t filter -P INPUT ACCEPT
                                /sbin/iptables -t filter -P FORWARD ACCEPT
                                /sbin/iptables -t filter -P OUTPUT ACCEPT
                        fi
                done
                log_end_msg 0
                ;;
        restart)
                log_begin_msg "Restarting firewall..."
                # Rules and user chains are flushed but the policies are left as
                # they are, so a failed restore leaves a DROP policy with no rules.
                for a in `cat /proc/net/ip_tables_names`; do
                        /sbin/iptables -F -t $a
                        /sbin/iptables -X -t $a
                done;
                start
                log_end_msg $?
                ;;
        *)
                echo "Usage: /etc/init.d/iptables {start|stop|restart|save}" >&2
                exit 1
                ;;
esac

exit 0
Make the script Executable
chmod +x /etc/init.d/iptables
Add Script to Run-Levels
update-rc.d iptables start 37 S . start 37 0 . start 37 6 .
Sequence number 37 in rcS.d runs the script ahead of the networking script (S40networking), so the rules are already loaded when the interfaces come up; the 0 and 6 entries reload them during halt and reboot as well.
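The rules file is trusted input: at boot the init script hands it to iptables-restore as root with no checks at all, and a file that was cut short while being written, or saved right after a stop, is applied just as readily as a good one. Below is an added example, not from the original page or the forum thread it references, of a small POSIX sh pre-flight check you can run on the file before start restores it (or before save overwrites a known-good copy). It verifies that every *table block is closed by COMMIT, that the filter INPUT policy is DROP so the ruleset fails closed, and that some INPUT rule admits established connections or SSH so the restore cannot lock you out of a remote host. The check_ruleset function name, the temporary file paths and the three sample dumps are all constructed for this example.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-save dump before iptables-restore
# gets it. Not part of the original page. File paths and sample dumps below
# are constructed for the example, not captured from a real host.

check_ruleset() {
    f="$1"
    [ -r "$f" ] || { echo "$f: not readable"; return 1; }

    # (1) Every "*table" header must have a matching COMMIT. A dump that was
    #     cut short (disk full, interrupted save) has fewer COMMITs than tables.
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] || { echo "$f: no table headers, not an iptables-save dump"; return 1; }
    [ "$tables" -eq "$commits" ] \
        || { echo "$f: $tables table(s) but $commits COMMIT(s), dump is truncated"; return 1; }

    # (2) Inbound traffic must fail closed. Chain lines look like ":INPUT DROP [0:0]".
    grep -q '^:INPUT DROP' "$f" || { echo "$f: filter INPUT policy is not DROP"; return 1; }

    # (3) Keep a way in after the restore: a rule for established connections
    #     (state or conntrack match) or for SSH on port 22.
    grep -Eq -e '^-A INPUT .*(--(ct)?state [A-Z,]*ESTABLISHED|--dport 22 )' "$f" \
        || { echo "$f: no INPUT rule for ESTABLISHED or port 22, restore would lock you out"; return 1; }

    echo "$f: ok ($tables table(s), INPUT policy DROP)"
    return 0
}

# Constructed sample dumps, written to a temp dir so the check can be run on them.
tmp=$(mktemp -d)
GOOD="$tmp/good.rules"
OPEN="$tmp/open.rules"
TRUNC="$tmp/truncated.rules"

# A sane ruleset: default deny inbound, loopback, established and ssh allowed.
cat > "$GOOD" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

# What "iptables-save" produces right after the init script's stop action:
# every chain empty, every policy ACCEPT. Restoring this opens the host.
cat > "$OPEN" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

# The good ruleset cut off mid-write: the nat block is never COMMITted.
cat > "$TRUNC" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
EOF

for r in "$GOOD" "$OPEN" "$TRUNC"; do
    check_ruleset "$r" || :
done
```

The sample files are left in the temporary directory so you can inspect them. To use the check with the init script, call check_ruleset on the rules file inside start() before iptables-restore runs, and have save() write to a temporary file that is only moved over the real one once the check passes; what counts as "a way in" (port 22 here) should be adjusted to whatever you actually administer the box over.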
More to Come