-
08-31-2005 #1 Just Joined!
- Join Date
- Aug 2005
- Posts
- 40
iptables start on boot - Debian 3.1
/etc/init.d/iptables script in previous releases of Debian, but it doesn't seem to be there anymore. How to start iptables on boot now? My machine is Debian sarge 3.1.
-
09-09-2005 #2 Just Joined!
- Join Date
- Sep 2005
- Posts
- 4
You may have to create it. I had a similar problem when I switched from Red Hat (very user friendly) to Slackware.
Most likely you need to create an iptables script, something such as:
#!/bin/sh
iptables --flush
iptables --flush -t nat
iptables --policy OUTPUT DROP
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -i lo
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Shields and Deflectors are up!"
Call it rc.iptables.
For Slack I put it in /etc/rc.d
chmod 777 /etc/rc.d/rc.iptables
The /etc/rc.d might vary as I am not as familiar with your distro.
-
09-22-2005 #3 Just Joined!
- Join Date
- Aug 2005
- Location
- Riihimäki, Finland
- Posts
- 10
Another way to make iptables start on boot is to add
pre-up /path/toyour/firewall-script
to your /etc/network/interfaces. This way iptables is started with the network interface.
-
09-25-2005 #4 Just Joined!
- Join Date
- Aug 2005
- Posts
- 40
found : my iptables rule is still not running. I also tried to make rc.iptables in /etc and reboot again, but it still doesn't work.
Code:
---mkdir /etc/rc.d---
@:/etc$ ls -la | grep rc
drwxr-xr-x 2 root root 1024 2005-09-04 10:53 rc0.d
drwxr-xr-x 2 root root 1024 2005-09-04 10:53 rc1.d
drwxr-xr-x 2 root root 1024 2005-09-04 10:53 rc2.d
drwxr-xr-x 2 root root 1024 2005-09-16 18:25 rc3.d
drwxr-xr-x 2 root root 1024 2005-09-04 10:53 rc4.d
drwxr-xr-x 2 root root 1024 2005-09-04 10:53 rc5.d
drwxr-xr-x 2 root root 1024 2005-09-18 02:17 rc6.d
drwxr-xr-x 2 root root 1024 2005-09-18 02:03 rc.d
drwxr-xr-x 2 root root 1024 2005-09-04 10:06 rcS.d
---make file of rc.iptables in /etc/rc.d/
:/etc/rc.d# cat rc.iptables
#!/bin/sh
iptables -I INPUT -s 211.cc.bb.aa -j DROP
---chmod 777 rc.iptables---
:/etc/rc.d# ls -la
total 6
drwxr-xr-x 2 root root 1024 Sep 18 02:03 .
drwxr-xr-x 105 root root 4096 Sep 25 12:08 ..
-rwxrwxrwx 1 root root 176 Sep 18 01:57 rc.iptables
---reboot---
---check---
:/etc/rc.d# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
:/etc/rc.d#
-
09-25-2005 #5 Just Joined!
- Join Date
- Aug 2005
- Posts
- 40
Sorry don't understand, can you show me an example? Thx!
Originally Posted by Chipmonk
-
09-27-2005 #6 Just Joined!
- Join Date
- Aug 2005
- Location
- Riihimäki, Finland
- Posts
- 10
First, you need to create a firewall script. You may use, for example, the example given by bin earlier in this thread. Give a name for your script (for example firewall.up or something) and save it somewhere (for example to /root).
Then open up /etc/network/interfaces with a text editor. It will contain something along these lines:
Code:
# The primary network interface
auto eth0
iface eth0 inet static
    address 193.210.*.*
    netmask 255.255.255.0
    network 193.210.*.*
    broadcast 193.210.*.*
    gateway 193.210.*.*
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120
You need to add "pre-up /root/firewall.up" to this configuration. As far as I have been able to determine, pre-up runs a script before bringing up the network interface. So, after you make changes, your eth0 (or whatever your main network interface is) configuration will look something like this:
Code:
# The primary network interface
auto eth0
iface eth0 inet static
    address 193.210.*.*
    netmask 255.255.255.0
    network 193.210.*.*
    broadcast 193.210.*.*
    gateway 193.210.*.*
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120
    pre-up /root/firewall.up
Hopefully this helps.
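A check for the pre-up setup described in posts #3 and #6, as an added example that is not part of the thread: the function reads an interfaces file, finds each pre-up hook, and verifies that the script exists, is executable, has the expected owner and is not group- or world-writable (a hook that root runs at boot and other users can edit lets them run commands as root). The function name `audit_preup_hooks`, the sample address and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits every "pre-up" hook named in a
# Debian-style interfaces file. Usage: audit_preup_hooks FILE [OWNER_UID]
# Returns 0 only if at least one hook is present and every hook passes.
audit_preup_hooks() {
    ifaces=$1
    want_uid=${2:-0}    # boot hooks run as root, so expect root ownership
    found=0
    rc=0
    # First word after each pre-up keyword; commented-out lines do not match.
    hooks=$(sed -n 's/^[[:space:]]*pre-up[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$ifaces")
    for hook in $hooks; do
        found=1
        if [ ! -f "$hook" ]; then
            echo "FAIL $hook: file does not exist"; rc=1; continue
        fi
        if [ ! -x "$hook" ]; then
            echo "FAIL $hook: not executable"; rc=1
        fi
        owner=$(ls -ldn "$hook" | awk '{print $3}')
        if [ "$owner" != "$want_uid" ]; then
            echo "FAIL $hook: owned by uid $owner, expected $want_uid"; rc=1
        fi
        # Group- or world-writable: any local user could edit what root runs.
        if [ -n "$(find "$hook" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "FAIL $hook: writable by group or others (use chmod 700)"; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL $ifaces: no pre-up hook, so no firewall script runs at ifup"
        return 1
    fi
    return "$rc"
}

# Constructed sample: an interfaces file whose hook was made mode 777.
demo=$(mktemp -d)
printf '#!/bin/sh\niptables --policy INPUT DROP\n' > "$demo/firewall.up"
chmod 777 "$demo/firewall.up"
cat > "$demo/interfaces" <<EOF
auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    pre-up $demo/firewall.up
EOF
audit_preup_hooks "$demo/interfaces" "$(id -u)" || true
rm -rf "$demo"
```

On a real system, call it as `audit_preup_hooks /etc/network/interfaces` so the owner check defaults to root.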

