iptables

Tom H tomh0665 at gmail.com
Fri Dec 7 10:59:33 UTC 2012


On Thu, Dec 6, 2012 at 6:26 PM, JD <jd1008 at gmail.com> wrote:
>
> On redhat based linuxes, you enable the firewall by
> either using the "services" gui or use the command
> line chkconfig.
> Once enabled, it always starts at boot (assuming you
> have set up your firewall rules file which is
> /etc/sysconfig/iptables).
> As I am indeed new to ubuntu, I need a way of
> "enabling" iptables and thus having it always
> start at boot automatically.

To stay as close to what you know from RHEL/Fedora, install
"iptables-persistent" (it installs an
"/etc/init.d/iptables-persistent" init script) and set your rules in
"/etc/iptables/rules.v4". You'll then have the familiar "service
iptables-persistent stop|start|restart|reload|save|flush" commands
available; more or less familiar since there's an added "-persistent".

To use the ifupdown infrastructure, create an "iptables-restore <
/path/to/iptables/rules" script in "/etc/network/if-pre-up.d/" and
they'll be loaded when an interface is brought up. Rather than flush
the rules with a script in "/etc/network/if-post-down.d/", flush them
at the top of the rule-setting script because, if you have two
interfaces, bringing one down would leave the other up with no
iptables rules.

To use the NetworkManager infrastructure, create a script in
"/etc/NetworkManager/dispatcher.d/". I've only done this once as a
test in the distant past and all that I remember is that the script's
very similar to an init script with "case ...".

If you don't mind not using your own current set of rules as is, you
can use ufw (or its gui frontend, gufw), an Ubuntu-developed frontend
to iptables, apf-firewall, arno-iptables-firewall, shorewall, or
(there are probably others) ...

ufw has a command-line interface (the "u" stands for "uncomplicated"
so it's more straightforward than iptables' commands); "ufw enable"
for it to start at boot and "man ufw" to find out how to add local
rules to the default ones. The others have config files to customize
the default rules that they create.
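
The ifupdown approach described above, as an added example that is not part of the original post: a pre-up hook that validates the ruleset before loading it. The hook file name, the RULES and IPTABLES_RESTORE override variables, and the load_rules function are assumptions made for illustration; the rules path is the one named in the post.

```shell
#!/bin/sh
# Added example: /etc/network/if-pre-up.d/iptables (hypothetical file name).
# ifupdown runs every executable here before an interface comes up and
# exports IFACE; a non-zero exit aborts bringing that interface up.

RULES="${RULES:-/etc/iptables/rules.v4}"   # path taken from the post
# Overridable so the hook can be exercised without touching the live firewall.
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

load_rules() {
    rules="$1"
    # Refuse a missing or unreadable ruleset rather than load nothing silently.
    [ -r "$rules" ] || { echo "iptables hook: cannot read $rules" >&2; return 1; }
    # Refuse a world-writable ruleset: any local user could rewrite the firewall.
    # -H follows a symlink given on the command line, so the target is checked.
    if [ -n "$(find -H "$rules" -prune -perm -0002)" ]; then
        echo "iptables hook: $rules is world-writable" >&2
        return 1
    fi
    # Parse-check first so a typo never replaces a working ruleset.
    "$IPTABLES_RESTORE" --test < "$rules" || {
        echo "iptables hook: $rules failed validation" >&2
        return 1
    }
    # Without --noflush, iptables-restore flushes each table named in the file
    # before loading it, so no separate flush step or post-down hook is needed.
    "$IPTABLES_RESTORE" < "$rules"
}

# Act only when called by ifupdown (IFACE is set). Exiting non-zero keeps the
# interface down instead of bringing it up unfiltered.
if [ -n "${IFACE:-}" ]; then
    load_rules "$RULES" || exit 1
fi
```

The hook must be executable to be run by ifupdown, and because it fails closed, a broken rules file on a remote machine will keep the interface down until it is fixed from the console.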



