
Re: Starting iptables



On Tue, Oct 17, 2006 at 05:45:34PM -0500, cothrige wrote:
> I was wondering about the best way to start iptables with each boot in
> Debian and so I did some googling.  I found a Debian Wiki and it gave
> instructions concerning update-rc.d, but this requires a script for
> iptables in init.d and this does not exist.  At least not in my
> system.  Can anyone give me a quick idea of the "correct" way to start
> iptables at boot?  I suppose I could just add something to rc.local,
> but I was sort of assuming there was a more appropriate way.
> 
> Many thanks,
> 
> Patrick
> 
As far as I know, iptables itself, part of the kernel, is always
'running', it's just that unless you add rules, it doesn't actually do
anything.  You either have to add those rules by hand, write a script
that does that, or use a piece of software that does.  This is what
various 'firewall' packages do.

For basic dialup, you can just use ipmasq.  If you want total control
go with shorewall.  If you want a great piece of documentation that
explains the issues, read the shorewall docs, there's a great html-format
book.

Even if you end up deciding to go with ipmasq, I highly recommend the
shorewall docs.  Install it, read, learn, then decide.

Note when doing reading, that iptables is also known as NetFilter.

Enjoy,

Doug.


