  1. #1
    Just Joined!
    Join Date
    Aug 2005
    Posts
    40

    iptables start on boot -debian3.1


    My machine is Debian sarge 3.1.
    There was an /etc/init.d/iptables script in previous releases of Debian, but it doesn't seem to be there anymore. How do I start iptables on boot now?

  2. #2
    bin
    Just Joined!
    Join Date
    Sep 2005
    Posts
    4
    You may have to create it. I had a similar problem when I switched from Red Hat (very user friendly) to Slackware.
    Most likely you need to create an iptables script, something such as

    Code:
    #!/bin/sh

    # Clear existing rules in the filter and nat tables
    iptables --flush
    iptables --flush -t nat

    # Default-deny on every built-in chain
    iptables --policy OUTPUT DROP
    iptables --policy INPUT DROP
    iptables --policy FORWARD DROP

    # Allow loopback traffic in both directions
    iptables -A OUTPUT -j ACCEPT -o lo
    iptables -A INPUT -j ACCEPT -i lo

    # Allow new outbound connections; inbound only for known connections
    iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    echo "Shields and Deflectors are up!"

    Call it rc.iptables.
    For Slack I put it in /etc/rc.d:
    chmod 777 /etc/rc.d/rc.iptables

    The /etc/rc.d path might vary, as I am not as familiar with your distro.

  3. #3
    Just Joined!
    Join Date
    Aug 2005
    Location
    Riihimäki, Finland
    Posts
    10
    Another way to make iptables start at boot is to add

    pre-up /path/toyour/firewall-script

    to your /etc/network/interfaces. This way iptables is started with the network interface.

  5. #4
    Just Joined!
    Join Date
    Aug 2005
    Posts
    40
    Code:
    ---mkdir /etc/rc.d---
    @:/etc$ ls -la | grep rc
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc0.d
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc1.d
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc2.d
    drwxr-xr-x    2 root   root      1024 2005-09-16 18:25 rc3.d
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc4.d
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:53 rc5.d
    drwxr-xr-x    2 root   root      1024 2005-09-18 02:17 rc6.d
    drwxr-xr-x    2 root   root      1024 2005-09-18 02:03 rc.d
    drwxr-xr-x    2 root   root      1024 2005-09-04 10:06 rcS.d
    
    
    ---make file of rc.iptables in /etc/rc.d/
    :/etc/rc.d# cat rc.iptables
    #!/bin/sh
    iptables -I INPUT -s 211.cc.bb.aa -j DROP
    
    
    ---chmod 777 rc.iptables---
    :/etc/rc.d# ls -la
    total 6
    drwxr-xr-x    2 root root 1024 Sep 18 02:03 .
    drwxr-xr-x  105 root root 4096 Sep 25 12:08 ..
    -rwxrwxrwx    1 root root  176 Sep 18 01:57 rc.iptables
    
    ---reboot---
    
    ---check---
    :/etc/rc.d# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    :/etc/rc.d#
    Found: my iptables rule is still not running. I also tried to make rc.iptables in /etc and rebooted again, but it still doesn't work.

  6. #5
    Just Joined!
    Join Date
    Aug 2005
    Posts
    40
    Quote Originally Posted by Chipmonk
    Another way to make iptables start at boot is to add

    pre-up /path/toyour/firewall-script

    to your /etc/network/interfaces. This way iptables is started with the network interface.

    Sorry, I don't understand. Can you show me an example? Thx!

  7. #6
    Just Joined!
    Join Date
    Aug 2005
    Location
    Riihimäki, Finland
    Posts
    10
    First, you need to create a firewall script. You may use, for example, the example given by bin earlier in this thread. Give your script a name (for example firewall.up or something) and save it somewhere (for example in /root).

    Then open up /etc/network/interfaces with a text editor. It will contain something along these lines:

    Code:
    # The primary network interface
    auto eth0
    iface eth0 inet static
            address 193.210.*.*
            netmask 255.255.255.0
            network 193.210.*.*
            broadcast 193.210.*.*
            gateway 193.210.*.*
            # dns-* options are implemented by the resolvconf package, if installed
            dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120

    You need to add "pre-up /root/firewall.up" to this configuration. As far as I have been able to determine, pre-up runs a script before bringing up the network interface. So, after you make changes, your eth0 (or whatever your main network interface is) configuration will look something like this:

    Code:
    # The primary network interface
    auto eth0
    iface eth0 inet static
            address 193.210.*.*
            netmask 255.255.255.0
            network 193.210.*.*
            broadcast 193.210.*.*
            gateway 193.210.*.*
            # dns-* options are implemented by the resolvconf package, if installed
            dns-nameservers 193.210.18.18 193.210.19.19 193.210.19.120
            pre-up /root/firewall.up
    Hopefully this helps
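
Added example, not part of any post in this thread: ifup runs the pre-up script as root at boot, so a firewall script left at mode 777, as in the earlier posts, can be rewritten by any local user. This check lists the absolute-path pre-up commands in an interfaces file and flags any that are missing, not executable, group- or world-writable, or not owned by the expected user; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit scripts that /etc/network/interfaces runs via pre-up.
# Each one should be owned by root and writable by its owner only.

# list_preup_scripts FILE: print the command of every pre-up line whose
# command is an absolute path (e.g. /root/firewall.up).
list_preup_scripts() {
    awk '$1 == "pre-up" && $2 ~ /^\// { print $2 }' "$1"
}

# check_script PATH OWNER: print one finding per problem; return 1 if any.
check_script() {
    path=$1 owner=$2 bad=0
    if [ ! -f "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    [ -x "$path" ] || { echo "NOT-EXECUTABLE $path"; bad=1; }
    # find -perm -MODE matches when every bit in MODE is set (POSIX).
    [ -z "$(find "$path" -prune -perm -002)" ] ||
        { echo "WORLD-WRITABLE $path"; bad=1; }
    [ -z "$(find "$path" -prune -perm -020)" ] ||
        { echo "GROUP-WRITABLE $path"; bad=1; }
    # -user accepts a user name or a numeric uid.
    [ -n "$(find "$path" -prune -user "$owner")" ] ||
        { echo "NOT-OWNED-BY-$owner $path"; bad=1; }
    return $bad
}

# audit_interfaces FILE [OWNER]: check every pre-up script named in FILE.
# OWNER defaults to root, which is what a boot-time hook should have.
audit_interfaces() {
    file=$1 want=${2:-root} rc=0
    for s in $(list_preup_scripts "$file"); do
        check_script "$s" "$want" || rc=1
    done
    return $rc
}

# Usage on a real system (as root):
#   audit_interfaces /etc/network/interfaces
# A script that fails can be fixed with: chown root:root FILE; chmod 700 FILE
```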
