TOPIC: Linux Firewall iptables

Linux Firewall iptables 12 years 10 months ago #2471

  • thorpe
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
I am just setting up a testbed Linux iptables-based firewall (Red Hat).

I have managed to set up the iptables rules so traffic is blocked apart from the traffic I want.

My problem is how to start iptables on boot.

I currently have an iptables startup file in the /etc/rc.d/init.d location; this also works with chkconfig --level .....

The script does run on boot-up, but my firewall rules are written in this startup script, which seems odd to me.

What is the best way to start iptables, and where should the firewall rules go?

Thanks

Re: Linux Firewall iptables 12 years 10 months ago #2483

  • Chris
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Thorpe,

IPTables is a favourite of mine and I've spent countless hours trying to figure them out, and I can tell you I still haven't mastered them!

Concerning starting them up when your machine boots, what I always end up doing is the following:

1) Save my rules in a file, usually called "rules"
2) Place 'rules' in /etc/rc.d/
3) Edit /etc/rc.d/rc.local and create an entry: /etc/rc.d/rules

Of course, I always make sure the 'rules' file starts with #!/bin/sh
and that the file itself has the 'x' attribute so it can be executed.

Let us know what solution you implemented!

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Linux Firewall iptables 12 years 10 months ago #2486

  • sahirh
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
That's how I had the rules start at startup when I played with iptables. I'm not sure if there's a better way.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

iptables 12 years 10 months ago #2504

  • thorpe
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
I made a slight tweak to your method.

I quite like the OK messages on boot-up and shutdown, so I implemented a SysV-type iptables startup script.

In /etc/rc.d/init.d I created an iptables script.

I used start for modprobe ip_tables.
I used stop for modprobe -r ip_tables.

This way I got the OK messages to appear, and I can use chkconfig to manage the startup of iptables.

I then created a rules file and used rc.local to execute that script.

Everything seems to be working A-OK.

Do you see any problems with this way of starting up iptables? I know there is an issue: if I tell chkconfig not to start iptables on boot, then rc.local will still try to load the rules.

I may put the call to the rules script in the SysV startup script in init.d.
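One way to fold the rules into the SysV init script itself, so that chkconfig alone decides whether the firewall comes up (the rc.local problem raised in the last post), written as an added example that is not part of this thread. It assumes the rules file lives at /etc/rc.d/rules and is written as "$IPTABLES" -A ... lines, so the init script is the only place that names the iptables binary; the chkconfig priorities are the usual ones for a firewall (start early, stop late).

```shell
#!/bin/sh
# chkconfig: 2345 08 92
# description: Loads the ip_tables module and the firewall rules from $RULES.
#
# Assumed paths (not from the thread): rules file /etc/rc.d/rules, written as
# "$IPTABLES" -A ... lines so that this script controls which binary is used.

IPTABLES=${IPTABLES:-/sbin/iptables}
MODPROBE=${MODPROBE:-/sbin/modprobe}
RULES=${RULES:-/etc/rc.d/rules}
LOCKFILE=${LOCKFILE:-/var/lock/subsys/iptables}

# Put every built-in chain of the filter table back to an empty, accept-all state.
# Note that after this the host is wide open until the rules file is sourced.
reset_filter_table() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$chain" ACCEPT || return 1
    done
    "$IPTABLES" -F && "$IPTABLES" -X
}

# start: load the module, clear any leftovers, then apply the rules file.
# A missing rules file is a hard failure, not a silent accept-all firewall.
start_firewall() {
    [ -r "$RULES" ] || { echo "iptables: rules file $RULES missing"; return 1; }
    "$MODPROBE" ip_tables || return 1
    reset_filter_table || return 1
    # Sourcing (rather than executing) the rules file lets it see $IPTABLES.
    . "$RULES" || return 1
    touch "$LOCKFILE"
}

# stop: flush everything, then try to unload the module as the thread does.
stop_firewall() {
    reset_filter_table || return 1
    "$MODPROBE" -r ip_tables 2>/dev/null || :   # module may be in use; not fatal
    rm -f "$LOCKFILE"
}

case "${1:-}" in
    start)   start_firewall && echo "iptables: started" ;;
    stop)    stop_firewall  && echo "iptables: stopped" ;;
    restart) stop_firewall && start_firewall ;;
    status)  "$IPTABLES" -L -n ;;
    *)       echo "Usage: $0 {start|stop|restart|status}" ;;
esac
```

With this layout, "chkconfig iptables off" disables both the module load and the rules, and the rc.local entry is no longer needed.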
