
Re: default iptables (again)



On Mon, Mar 17, 2003 at 06:51:16PM +1100, Glenn Hocking wrote:
> Hi
> 
> Ok I now know what the issue is. The iptables NAT box is a PPPoE box 
> running PPPoE on boot. Every time it drops the connection and 
> re-establishes itself (as adsl does) it drops the firewall rules and 
> reloads them back to the default. So directly after boot my rules are 
> loaded but as soon as it brings up the connection it reloads the default.
> 
> I've tried the iptables save command mentioned earlier and searched the 
> PPP directories for references to iptables but with no luck.
> 
> Does anybody know how to set the default iptables rules for a PPP 
> connection that 'recalculates' the rules on PPP.
> Or can I just stop it from reloading the rules every time the ADSL 
> connection is brought up.

You can always make a script which recalculates the rules and put it in
the /etc/ppp/ip-up.d/ directory, but the package ipmasq does exactly
that, even if you are not thinking of masqueraded connections. The only
problem is that ipmasq "takes over" the firewall, so any rules that you
want to add, you have to put them in the ipmasq configuration files,
otherwise ipmasq will wipe them every time the connection is restarted.

A big plus is that ipmasq sanitizes the firewall with default
security rules, such as filtering packets coming through an external
interface with an "internal" source address, and things like that.

Blu.
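
Added example, not part of the original message and not ipmasq's code: a sketch of the hand-written /etc/ppp/ip-up.d/ script mentioned above, rebuilding the NAT rules for the PPP interface with the anti-spoofing filter in front. The file name, LAN_IF and LAN_NET are assumed values; PPP_IFACE is the variable Debian's ip-up exports to these scripts.

```shell
#!/bin/sh
# Hypothetical /etc/ppp/ip-up.d/00firewall (file name, LAN_IF and LAN_NET are
# constructed example values, not taken from the thread).
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Accept only pppN names so the value cannot smuggle text into the ruleset.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a full ruleset in iptables-restore format for external interface $1.
build_rules() {
    ext_if="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing first: "internal" source addresses never arrive from outside.
-A INPUT -i $ext_if -s $LAN_NET -j DROP
-A FORWARD -i $ext_if -s $LAN_NET -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $ext_if -s $LAN_NET -j ACCEPT
-A FORWARD -i $ext_if -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext_if -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Debian's /etc/ppp/ip-up exports PPP_IFACE to the scripts in ip-up.d.
# Without it (for example when sourced for testing) nothing is applied.
if [ -n "${PPP_IFACE:-}" ]; then
    valid_iface "$PPP_IFACE" || { echo "unexpected iface: $PPP_IFACE" >&2; exit 1; }
    # iptables-restore swaps each table in at COMMIT, so there is no window
    # with a flushed, half-built ruleset while the link comes up.
    build_rules "$PPP_IFACE" | iptables-restore
fi
```

The script must be executable, and run-parts skips file names that contain a dot, so it should not be called something like firewall.sh.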


