Iptables: Difference between revisions
Jump to navigation
Jump to search
Anthoanthop (talk | contribs) No edit summary |
Anthoanthop (talk | contribs) No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
To create persistent rules with iptables you could use the Debian/Ubuntu package: '''iptables-persistent''' | To create persistent rules with iptables you could use one of those methods. | ||
* 1st method: the Debian/Ubuntu package: '''iptables-persistent''' | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
Line 13: | Line 15: | ||
After each reboot all rules will be restored automatically through an init-script. | After each reboot all rules will be restored automatically through an init-script. | ||
NB: The initscript is called: /etc/init.d/netfilter-persistent | NB: The initscript is called: /etc/init.d/netfilter-persistent | ||
* 2nd method | |||
Close all requests to scribe coming from the outside (added to /etc/iptables.rules) | |||
<syntaxhighlight lang="bash">*filter | |||
:INPUT ACCEPT | |||
:FORWARD ACCEPT | |||
:OUTPUT ACCEPT | |||
-A INPUT -i eth0 -p tcp -m tcp --dport 2101 -j REJECT --reject-with icmp-port-unreachable | |||
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 -j REJECT --reject-with icmp-port-unreachable | |||
COMMIT | |||
</syntaxhighlight> | |||
Make it persistent through reboot by creating (and making executable) /etc/network/if-pre-up.d/iptables: | |||
<syntaxhighlight lang="bash"> | |||
#!/bin/bash | |||
/sbin/iptables-restore < /etc/iptables.rules | |||
</syntaxhighlight> | |||
Make it executbale: | |||
<syntaxhighlight lang="bash"> | |||
chmod +x /etc/network/if-pre-up.d/iptables | |||
</syntaxhighlight> |
Latest revision as of 14:49, 25 November 2016
To create persistent rules with iptables you could use one of those methods.
- 1st method: the Debian/Ubuntu package: iptables-persistent
apt-get update
apt-get install iptables-persistent -y
To export and save current rules:
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
After each reboot all rules will be restored automatically through an init-script.
NB: The initscript is called: /etc/init.d/netfilter-persistent
- 2nd method
Close all requests to scribe coming from the outside (added to /etc/iptables.rules)
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2101 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 -j REJECT --reject-with icmp-port-unreachable
COMMIT
Make it persistent through reboot by creating (and making executable) /etc/network/if-pre-up.d/iptables:
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules
Make it executbale:
chmod +x /etc/network/if-pre-up.d/iptables