#1  
23rd June 2007, 10:00
tommytomato
iptables

Hi all

I think I have iptables worked out. Got one problem: every time I reboot, I lose the iptables that I created.

I saved the files and then ran iptables -L to see my homemade firewall. I log in via another PC on my network and I'm able to log in.

How do you save it so it boots up at the start?

TT
  #2  
24th June 2007, 19:28
falko

How do you start the iptables firewall? Did you install an iptables-based firewall package such as shorewall or Bastille, or did you make your own custom iptables firewall?
__________________
Falko
  #3  
25th June 2007, 02:56
tommytomato

Quote:
Originally Posted by falko
How do you start the iptables firewall? Did you install an iptables-based firewall package such as shorewall or Bastille, or did you make your own custom iptables firewall?
I made a custom one, well at least I'm trying to.

Here it is:

Code:
~# cat /etc/firewall.bash
#!/bin/bash

# No spoofing: enable reverse-path filtering on every interface
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$filtre"
    done
fi

# No icmp: ignore echo requests, including broadcast pings
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Load some modules you may need
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat

# Remove all rules and chains
iptables -F
iptables -X

# First set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Create 2 chains, it allows to write a clean script
# (no rule below jumps to FIREWALL or TRUSTED)
iptables -N FIREWALL
iptables -N TRUSTED

# Drop everything from these source addresses
iptables -A INPUT -s 83.132.97.14 -j DROP
iptables -A INPUT -s 81.199.85.110 -j DROP
iptables -A INPUT -s 218.16.120.80 -j DROP
iptables -A INPUT -s 210.59.228.94 -j DROP
iptables -A INPUT -s 219.153.0.218 -j DROP
iptables -A INPUT -s 63.93.95.121 -j DROP
iptables -A INPUT -s 203.134.154.2 -j DROP
iptables -A INPUT -s 67.52.65.10 -j DROP

# Accept loopback traffic, drop 127.0.0.0/8 addresses arriving on any other interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.0/255.0.0.0 -j DROP
iptables -A INPUT -d 127.0.0.0/255.0.0.0 -j DROP

# Drop new TCP connections that do not start with a SYN
iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP

# Accept SSH, SMTP, HTTP and POP3
# (the INPUT policy is ACCEPT, so traffic to other ports is accepted as well)
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT

I want to be able to open up ports 25 and 110 on my router, but block all access from the outside apart from my local network. Can this be done?

I still want to be able to send and receive from the outside though. I hope that makes sense.

TT
  #4  
25th June 2007, 17:01
falko

If you are on Debian/Ubuntu, you can rename your iptables script to /etc/network/if-up.d/iptables:
Code:
mv /etc/firewall.bash /etc/network/if-up.d/iptables
and make it executable:
Code:
chmod 755 /etc/network/if-up.d/iptables
The script will then be started automatically whenever you boot the system.
__________________
Falko
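
An added example, not part of the original thread: one way to limit ports 25 and 110 to the local network and load the rules from /etc/network/if-up.d/iptables, as discussed in posts #3 and #4. The LAN range 192.168.0.0/24 and the function name build_rules are assumptions, and it assumes "send and receive from the outside" means connections the server itself opens, which the ESTABLISHED,RELATED rule covers.

```bash
#!/bin/bash
# Added example, not from the thread. Intended location: /etc/network/if-up.d/iptables
# Assumption: the local network is 192.168.0.0/24 (override with LAN_NET).
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Print the filter table in iptables-restore format (hypothetical helper name).
# The per-address DROP rules and /proc settings of the posted script are left out here.
build_rules() {
    lan=$1
    echo "*filter"
    # Default-deny inbound; FORWARD and OUTPUT stay as in the posted script.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened (outgoing mail, fetching mail).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP"
    # SSH and HTTP stay reachable from anywhere, as in the posted script.
    for port in 22 80; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # SMTP and POP3 only from the local network.
    for port in 25 110; do
        echo "-A INPUT -s $lan -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# ifupdown exports IFACE to its hook scripts. iptables-restore swaps in the whole
# table in one commit, so running once per interface is harmless.
# Run by hand (IFACE unset), the script only prints the ruleset for review.
if [ -n "${IFACE:-}" ]; then
    build_rules "$LAN_NET" | iptables-restore
else
    build_rules "$LAN_NET"
fi
```

run-parts, which ifupdown uses to run the if-up.d hooks, skips file names that contain a dot, so the file has to be named iptables rather than firewall.bash and must be executable.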