Iptables: Difference between revisions

To create persistent rules with iptables you could use the Debian/Ubuntu package: iptables-persistent

• 1st method

apt-get update
apt-get install iptables-persistent -y

To export and save current rules:

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

After each reboot all rules will be restored automatically through an init-script.

NB: The initscript is called: /etc/init.d/netfilter-persistent

• 2nd method

Close all requests to scribe coming from the outside (added to /etc/iptables.rules)

*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2101 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 -j REJECT --reject-with icmp-port-unreachable
COMMIT

Make it persistent through reboot by creating (and making executable) /etc/network/if-pre-up.d/iptables:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules

Make it executbale:

chmod +x /etc/network/if-pre-up.d/iptables