Iptables rules at boot

#1  solaris_user (Registered User, Croatia), 01-06-2010

Hi

I have a small home network and I want to block some forums on the web.
When I use this

Code:
iptables -A INPUT -s forum -j DROP

the rule is applied, but when I restart some of the PCs the rules are not present any more. I also tried to save the firewall settings with

Code:
iptables-save > /root/dsl.fw

but how do I apply the rules automatically, maybe with some kind of script?

I am not experienced with network security, so I am asking here.


OS: Ubuntu x64 with the latest kernel
#2  reborg (Forum Advisor, Administrator Emeritus, Ireland), 01-06-2010
Ubuntu has ufw (UFW, the Uncomplicated Firewall, for Ubuntu Hardy), which is probably the easiest way to do what you want. If you want to work the way you are currently doing things, then just do an iptables-load in an init script to load back in your iptables-save file.
#3  TonyFullerMalv (Forum Advisor, Registered User, Malvern, Worcs. U.K.), 01-06-2010
Use an rc script, e.g. called ip_tables_setup:

Code:
#!/bin/bash
#
# chkconfig: 2345 01 99
# ip_tables_setup: load the firewall rules at boot (start) or reset the policies (stop)

PATH=/sbin:/bin:/usr/bin

case "$1" in
  start|"")
    MyIF=wlan0
    # Address of $MyIF, taken from the "inet addr:x.x.x.x" line of ifconfig output
    MyIP=`ifconfig ${MyIF} | grep inet | grep -v 127.0.0.1 | grep -v inet6 | grep addr | \
          awk '{ print $2 }' | awk -F":" '{ print $2 }'`

    #-----------------------
    # load modules
    #-----------------------
    /sbin/depmod -a
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_filter
    /sbin/modprobe iptable_mangle
    /sbin/modprobe iptable_nat
    /sbin/modprobe ipt_LOG
    #/sbin/modprobe ipt_REJECT
    #/sbin/modprobe ipt_MASQUERADE
    #/sbin/modprobe ip_conntrack_ftp

    #-----------------------
    # flush all chains
    #-----------------------
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT
    iptables -F -t nat

    #----------------------
    # Default policies
    #----------------------
    # "forum" stands for the host name or IP address you want to block;
    # the INPUT policy itself is left at its default of ACCEPT
    iptables -A INPUT -s forum -j DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    #iptables -A FORWARD -f -j ACCEPT

    #---------------------------------
    # All outgoing allowed
    #---------------------------------
    iptables -A OUTPUT -o $MyIF -s $MyIP -d 0/0 -j ACCEPT

    #---------------------------------
    # Established incoming allowed
    #---------------------------------
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    #---------------------------------
    # SSH incoming allowed (uncomment to enable)
    #---------------------------------
    # iptables -A INPUT -i $MyIF -p tcp --syn -s 0/0 -d $MyIP --dport 22 -j ACCEPT
    ;;
  restart|reload|force-reload)
    echo "Error: argument '$1' not supported" >&2
    exit 3
    ;;
  stop)
    # Reset the default policies to ACCEPT (existing rules are left in place)
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    ;;
  status)
    iptables --list
    ;;
  *)
    echo "Usage: $0 [start|status|stop]" >&2
    exit 3
    ;;
esac

:    # no-op so the script always exits 0

Change wlan0 to the name of your interface.

Then run:

Code:
# chkconfig --add ip_tables_setup
