<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Simple firewall to one machine: 1) <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">cd /usr/local/bin</pre> <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)"> 2) </pre> <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">sudo nano (copy and paste) </pre> <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">#!/bin/sh iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp --syn -j DROP 3) Control + O</pre> write name > firewall.sh <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">Enter </pre> to close > Control + x <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">chmod +x firewall.sh <big><big>4)</big></big> </pre> sudo nano /etc/rc.local before “exit 0″ write: /usr/local/bin/firewall.sh 5) <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">Control + O</pre> <pre style="font-style:normal;font-weight:normal;color:rgb(0,0,0)">Enter </pre> to close > Control + O 6) sudo reboot 7) to see if it is working: sudo lsmod <div class="moz-cite-prefix">Em 07-12-2012 08:59, Tom H escreveu: </div> <blockquote cite="mid:CAOdo=Sx0Z3tv4tuhorXogzVCQVTrTzS6D44-umb52ON=VEP1VQ@mail.gmail.com" type="cite"> <pre wrap="">On Thu, Dec 6, 2012 at 6:26 PM, JD <a class="moz-txt-link-rfc2396E" href="mailto:jd1008@gmail.com"><jd1008@gmail.com></a> wrote: </pre> <blockquote type="cite"> <pre wrap=""> On redhat based linuxes, you enable the firewall by either using the "services" gui or use the command line chkconfig. Once enabled, it always starts at boot(assuming you have set up your firewall rulesfile which is /etc/sysconfig/iptables). As I am indeed new to ubuntu, I need way of "enabling" iptables and thus having it always start at boot automatically. </pre> </blockquote> <pre wrap=""> To stay as close to what you know from RHEL/Fedora, install "iptables-persistent" (it installs an "/etc/init.d/iptables-persistent" init script) and set your rules in "/etc/iptables/rules.v4". You'll then have the familiar "service iptables-persistent stop|start|restart|relaod|save|flush" commands available; more or less familiar since there's an added "-persistent". To use the ifupdown infrastructure, create a "iptables-restore < /path/to/iptables/rules" script in "/etc/network/if-pre-up.d/" and they'll be loaded when an interface is brought up. Rather than flush the rules with a script in "/etc/network/if-post-down.d/", flush them at the top of the rule-setting script because, if you have two interfaces, bringing one down would leave the other up with no iptables rules. To use the MetworkManager infrastructure, create a script in "/etc/NetworkManager/dispatcher.d/". I've only done this once as a test in the distant past and all that I remember is that the script's very similar to an init script with "case ...". If you don't mind not using your own current set of rules as is, you can use ufw (or its gui frontend, gufw), an Ubuntu-developed frontend to iptables, apf-firewall, arno-iptables-firewall, shorewall, or (there are probably others) ... ufw has a command-line interface (the "u" stands for "uncomplicated" so it's more straightforward than iptables' commands); "ufw enable" for it to start at boot and "man ufw" to find out how to add local rules to the default ones. The others have config files to customize the default rules that they create. </pre> </blockquote> </body> </html>