Re: Iptables the "Debian" way?
Ben Russo wrote:
> I am used to using RedHat, whereby I make sure I have the iptables
> package installed and I can use "chkconfig" to see if iptables has
> system-V runtime setup to be on or off, and the iptables-save data goes
> into /etc/sysconfig/iptables for reload on reboot (or change of SysV
> init level).
> What is the "Debian" way of doing this?
> I have iptables installed and I can add iptables rules and they work,
> but I did a grep for "iptables" in /etc/init.d/* and nothing matches,
> and I searched through /etc for files that contain firewall rules and
> didn't see any?
Thanks to Keith for the reply. I looked at that script you mentioned,
and it looked pretty detailed. In the meantime I found a way that works
for my situation.
In the /etc/network/interfaces file you can add lines for commands to
run when bringing up or down (or pre-up and pre-down commands). Since I
just have one interface on my local workstation (eth0) I just added up,
pre-down, and down lines like so:
root@columbia:/etc/network# cat /etc/network/interfaces
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 10.10.10.69
    netmask 255.255.255.0
    broadcast 10.10.10.255
    gateway 10.10.10.1
    up cat /etc/iptables-save.out | /sbin/iptables-restore
    pre-down cp /etc/iptables-save.out /etc/iptables-save.out.backup
    down /sbin/iptables-save > /etc/iptables-save.out
I tested it and it seems to work pretty well. :-)
-Ben.
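
An added example, not part of the original post: a small wrapper around the same /etc/iptables-save.out file that checks the saved ruleset is complete before loading it and before overwriting it. The function names and the RULES, RESTORE and SAVE variables are assumptions made for this sketch; it would be called as "load" from a pre-up line (which runs before the interface is configured, whereas up runs after) and as "save" from a down line.

```shell
#!/bin/sh
# Added example: load/save helpers for the rules file used in the post.
# RULES, RESTORE and SAVE are hypothetical knobs; defaults match the post.
RULES="${RULES:-/etc/iptables-save.out}"
RESTORE="${RESTORE:-/sbin/iptables-restore}"
SAVE="${SAVE:-/sbin/iptables-save}"

# Succeed only if the file looks like complete iptables-save output:
# non-empty, at least one "*table" header, and one COMMIT per table.
rules_look_sane() {
    [ -s "$1" ] || return 1
    tables=$(grep -c '^\*' "$1" || true)
    commits=$(grep -c '^COMMIT$' "$1" || true)
    [ "$tables" -ge 1 ] && [ "$tables" -eq "$commits" ]
}

# Load the saved rules, refusing an empty or truncated file.
load_rules() {
    rules_look_sane "$RULES" || { echo "refusing to load $RULES" >&2; return 1; }
    "$RESTORE" < "$RULES"
}

# Dump the live rules to a temp file in the same directory, validate it,
# keep one backup of the previous file, then rename the new file into place.
save_rules() {
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    if "$SAVE" > "$tmp" && rules_look_sane "$tmp"; then
        if [ -f "$RULES" ]; then cp -p "$RULES" "$RULES.backup"; fi
        mv "$tmp" "$RULES"
    else
        rm -f "$tmp"
        echo "save failed or incomplete; keeping existing $RULES" >&2
        return 1
    fi
}

# Dispatch when run as a script: "load" from pre-up, "save" from down.
case "${1:-}" in
    load) load_rules ;;
    save) save_rules ;;
esac
```

The check is structural only: it catches an empty or cut-off dump, not a ruleset that was flushed before shutdown.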