default iptables rules

Peter Garrett peter.garrett at
Mon Sep 17 02:11:03 UTC 2007

On Sun, Sep 16, 2007 at 05:06:31PM -0400, Jimmy Wu wrote:
> On 9/15/07, NoOp <glgxg at> wrote:
> >
> > On 09/15/2007 05:02 PM, Jimmy Wu wrote:
> > > On 9/14/07, John L Fjellstad <john-ubuntu at> wrote:
> > >>
> > >> Peter Garrett <peter.garrett at> writes:
> > >>
> > >> > I have found the simplest way to set up iptables is to start with a
> > >> > default "DROP" policy for INPUT
> > >>
> > >> One thing to note is that if you are ssh'd into a box, it might not be a
> > >> good idea to add this policy first (God knows I've done that a couple of
> > >> times :-) ).
> > >>
[big snip]
>
> @Peter Garrett:
> I followed the instructions in the IPTABLES HOWTO of the online community
> Ubuntu docs, and added the following line to my /etc/network/interfaces
> entry for eth0:
> pre-up iptables-restore < /etc/network/iptables.up.rules
> and it does properly save my iptables rules. (I tested it by flushing the
> rules with -F and doing a /etc/init.d/networking restart.) I think this
> ensures that the rules are put in place whenever a network connection is up
> (I only use eth0).

As I think I mentioned, there are several ways to do this. If that 
works for you, great!

The way I do it is more to ensure that certain IPs that vary with time 
get resolved (for instance, the servers available on irc may or may 
not be on-line at the time of connection).

I'm sure I could do it another way - but it works for me. I also 
prefer the format of the script rather than the format of the default 
"save", but that's really just my laziness :) I understand my own 
script because I wrote it...

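As an added example (not from Peter's or Jimmy's mail, and not the Ubuntu HOWTO's script), here is the lockout caveat John raised turned into a script: the rules that keep the current ssh session alive go in before the INPUT policy is flipped to DROP, and an optional timer reverts the policy if you do get locked out. The `IPTABLES`, `SSH_PORT` and `SAFETY_SECS` knobs and all function names are assumptions; setting `IPTABLES=echo` dry-runs it.

```shell
#!/bin/sh
# Added example, not from the thread. Apply a default-DROP INPUT policy in an
# order that cannot cut off the ssh session you are working from.
# IPTABLES, SSH_PORT and SAFETY_SECS are assumed knobs; IPTABLES=echo dry-runs.
IPTABLES="${IPTABLES:-iptables}"
SSH_PORT="${SSH_PORT:-22}"

ipt() { "$IPTABLES" "$@"; }

apply_input_policy() {
    # 1. Keep the policy ACCEPT while the chain is rebuilt, so the flush is harmless.
    ipt -P INPUT ACCEPT
    ipt -F INPUT
    # 2. Loopback and already-established flows (this includes the ssh
    #    session you are typing in) are accepted before anything is dropped.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. New ssh connections, so a reconnect after a dropped session works.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # 4. Only now flip the default to DROP.
    ipt -P INPUT DROP
}

# Optional safety net: revert the policy to ACCEPT after SAFETY_SECS seconds
# unless you kill the background job once a fresh ssh login has succeeded.
safety_net() {
    ( sleep "${SAFETY_SECS:-120}"; ipt -P INPUT ACCEPT ) &
    echo "safety net pid $!: run 'kill $!' after confirming ssh still works"
}

# Check a dry-run transcript (one command per line): the ESTABLISHED rule must
# precede the DROP policy, and the DROP policy must be the final command.
check_order() {
    est=$(printf '%s\n' "$1" | grep -n 'ESTABLISHED' | head -n 1 | cut -d: -f1)
    drop=$(printf '%s\n' "$1" | grep -n -- '-P INPUT DROP' | head -n 1 | cut -d: -f1)
    last=$(printf '%s\n' "$1" | tail -n 1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ] \
        && [ "$last" = "-P INPUT DROP" ]
}

# Usage (as root): ./firewall.sh --apply   or   IPTABLES=echo ./firewall.sh --apply
if [ "${1-}" = "--apply" ]; then
    safety_net
    apply_input_policy
fi
```

Note that this ordering matters only for rules applied one command at a time; `iptables-restore` loads a whole ruleset atomically, which is one reason the HOWTO's `pre-up iptables-restore` approach is safe at boot.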