Home Forums Articles Downloads Hosting Freebies Jobs
Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Write an article for LinuxForums Today! Win Great Prizes!
Find the answer to your Linux question:
New to Linux Forums? Register here for free!
    Linux Forums > GNU Linux Zone > Linux Security > iptables start on boot -debian3.1

Forgot Password?
 Linux Security   Discussion about keeping your machines secure, and the crackers out.

Site Navigation
Linux Articles
Linux Forums
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds
Linux Forum Topics
Linux Forums
Your Distro
Linux Resources
GNU Linux Zone
The Community
Reply
 
Thread Tools Display Modes
Old 08-31-2005   #1 (permalink)
Just Joined!
 
Join Date: Aug 2005
Posts: 40
iptables start on boot -debian3.1
Quote:
my machine is debian sarge 3.1
/etc/init.d/iptables script inprevious releases of debian ,but it doesn't seem to be there anymore. How to start iptables on boot now?
sf433 is offline  



Reply With Quote
Old 09-09-2005   #2 (permalink)
bin
Just Joined!
 
Join Date: Sep 2005
Posts: 4
you may have to ceate it. I had a similar prob when I switched from redhat(very user friendly) to slackware.
most likely you need to create an iptable script something such as
#!/bin/sh

iptables --flush
iptables --flush -t nat

iptables --policy OUTPUT DROP
iptables --policy INPUT DROP
iptables --policy FORWARD DROP

iptables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -i lo

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

echo "Shields and Deflectors are up!"

call it rc.iptables
for slack i put in /etc/rc.d
chmod 777 /etc/rc.d/rc.iptables

the /etc/rc.d might vary as i am not as familiar with you disro
bin is offline   Reply With Quote
Old 09-22-2005   #3 (permalink)
Just Joined!
 
Join Date: Aug 2005
Location: Riihimäki, Finland
Posts: 10
Other way to make iptables to start in boot is to add

pre-up /path/toyour/firewall-script

to your /etc/network/interfaces. This way iptables is started with network interface.
Chipmonk is offline   Reply With Quote
Old 09-25-2005   #4 (permalink)
Just Joined!
 
Join Date: Aug 2005
Posts: 40
Code:
---mkdir /etc/rc.d---
@:/etc$ ls -la | grep rc
drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc0.d
drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc1.d
drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc2.d
drwxr-xr-x    2 root   root      1024 2005-09-16 18:25 rc3.d
drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc4.d
drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc5.d
drwxr-xr-x    2 root   root      1024 2005-09-18 02:17 rc6.d
drwxr-xr-x    2 root   root      1024 2005-09-18 02:03 rc.d
drwxr-xr-x    2 root   root      1024 2005-09-04 10:06 rcS.d


---make file of rc.iptables in /etc/rc.d/
:/etc/rc.d# cat rc.iptables
#!/bin/sh
iptables -I INPUT -s 211.cc.bb.aa -j DROP


---chmod 777 rc.iptables---
:/etc/rc.d# ls -la
total 6
drwxr-xr-x    2 root root 1024 Sep 18 02:03 .
drwxr-xr-x  105 root root 4096 Sep 25 12:08 ..
-rwxrwxrwx    1 root root  176 Sep 18 01:57 rc.iptables

---reboot---

---check---
:/etc/rc.d# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
:/etc/rc.d#
found : my iptables rule is still not running. I also tried to make rc.iptables in /etc and reboot again. but it still doesn't work.
sf433 is offline   Reply With Quote
Old 09-25-2005   #5 (permalink)
Just Joined!
 
Join Date: Aug 2005
Posts: 40
Quote:
Originally Posted by Chipmonk
Other way to make iptables to start in boot is to add

pre-up /path/toyour/firewall-script

to your /etc/network/interfaces. This way iptables is started with network interface.
Sorry don't understand, can you show me an example.Thx!
sf433 is offline   Reply With Quote
Old 09-27-2005   #6 (permalink)
Just Joined!
 
Join Date: Aug 2005
Location: Riihimäki, Finland
Posts: 10
First, you need to create a firewall script. You may use, for example, example given by bin earlier in this thread. Give a name for your script (for example firewall.up or something) and save it somewhere (for example to /root).

Then open up /etc/network/interfaces with text editor. It will contain something along these lines:

Code:
# The primary network interface
auto eth0
iface eth0 inet static
        address 193.210.*.*
        netmask 255.255.255.0
        network 193.210.*.*
        broadcast 193.210.*.*
        gateway 193.210.*.*
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120
You need to add "pre-up /root/firewall.up" to this configuration. As far as I have been able to determine, pre-up runs a script before bringing up network interface. So, after you make changes, your eth0 (or whatever your main network interface is) configuration will look something like this:

Code:
# The primary network interface
auto eth0
iface eth0 inet static
        address 193.210.*.*
        netmask 255.255.255.0
        network 193.210.*.*
        broadcast 193.210.*.*
        gateway 193.210.*.*
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120
        pre-up /root/firewall.up
Hopefully this helps
Chipmonk is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Free Magazines
A Newbie's Getting Started Guide to Linux
Learn the basics of the Linux operating systems. Get to know what it is all about, and familiarize yourself with the practical side. Basically, if you're a complete Linux newbie and looking for a quick and easy guide to get you started this is it.
subscribe
Run Your Own Web Server Using Linux & Apache - Free 191 Page Preview
Learn about everything you'll need to build and maintain your Linux servers, and to deploy Web applications to them.
subscribe
Open Source Security Myths Dispelled
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization
subscribe
InformationWeek
InformationWeek is the only newsweekly you'll need to stay on top of the latest developments in information technology.
subscribe



All times are GMT. The time now is 09:25 PM.





Advertise About Us Contact Us Write For Us Archive Top
© 2000 - - All Rights Reserved - Property of  MAS Media

Content Relevant URLs by vBSEO 3.3.1