iptables on warty
jim at egressive.com
Tue Mar 1 22:10:58 UTC 2005
On Tue, 2005-03-01 at 09:57 +0300, wild madagascar wrote:
> On Tue, 2005-03-01 at 12:10 +1300, Jim Cheetham wrote:
> > A common place is /var/lib/iptables/active, so you should run
> > $ sudo iptables-save > /var/lib/iptables/active
> If I save it the way you suggest, do I still need to write the script as
> kirtis and Christoph suggested?
Yes - just saving the current iptables config does not get it
You have a choice in approach - you would write a script that sets up
the rules one by one (this is a good and flexible approach) or one that
just restores the previous saved state (this is useful in a 'stable'
In either case, you'll need a script that is run when the machine starts
up - and despite comments to others about using cron's @reboot facility,
firewalling is important enough to be done "properly", and therefore
Kirtis suggestion is the right one. Christoph's is functionally
identical, too - although I would prefer to see the original script
in /etc/init.d rather than elsewhere.
I suggest that you don't bother with iptables-save and iptables-restore,
and just concentrate on automating your "iptables -A INPUT ..." script.
More information about the ubuntu-users