
Re: Starting iptables




Andrew Sackville-West wrote:
> On Tue, Oct 17, 2006 at 07:08:47PM -0500, cothrige wrote:
>> * Andrew Sackville-West (andrew@farwestbilliards.com) wrote:
>>> isn't iptables part of the kernel and therefore up by default when the
>>> kernel starts executing? 
>>>
>>> A
>> Yes, iptables as far as I know is part of the kernel, but the rules
>> must be loaded.  In Slackware I would create a script and put it in
>> rc.d to be loaded.  I suppose that I could do something similar with
>> Debian, but would like to make sure that there is not some more
>> correct way to handle it first.
> 
> right, okay, I understand. sorry. Yeah, there is surely some Debian
> way to do it. sorry, don't know it.
> 
> A

Greetings Andres:

The "Debian" way to do it is to use the directories in /etc/network.
There are 4 directories:

if-down.d
if-post-down.d
if-pre-up.d
if-up.d

You put scripts into each of these folders, and then they are run when
each interface goes through one of these states.  You need to be careful
with this for firewall rules - if your box has 3 interfaces and you put
a script into if-up.d/ the script will be run three times, once for each
interface that is brought up.  This can cause your rules to be loaded
repeatedly.  You will probably want to include if/then sections in your
script to load rules based on the interface being brought up.

A similar method (that might be a little easier for you to use for
loading iptables rules) involves using options similar to the
directories listed in the /etc/network/interfaces file.  The following
directives are understood:

pre-up
up
post-up
pre-down
down
post-down

You would load your rules into a script and run the script using the up
command in one of your interfaces.

The man page for interfaces can give you the details.

Good Luck.

-Scott
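An added example, not part of the message above, of the per-interface guard it describes: a hook for /etc/network/if-pre-up.d/ that loads the rules for one interface only, so a box with three interfaces loads them once. The interface name eth0, the path /etc/iptables.rules and the function names are assumptions; $IFACE is exported by ifupdown.

```shell
#!/bin/sh
# Example hook, e.g. /etc/network/if-pre-up.d/firewall (file name is an assumption).
# ifupdown runs every script in this directory once per interface and
# exports the name of the interface being configured in $IFACE.

FW_IFACE="${FW_IFACE:-eth0}"                      # assumed: the one interface that triggers loading
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"   # assumed: output of iptables-save
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"    # overridable so the logic can be exercised without root

# Succeed only for the interface chosen to trigger the rule load.
should_load_rules() {
    [ "$1" = "$FW_IFACE" ]
}

# Load the saved ruleset once, when the chosen interface comes up.
load_rules() {
    if ! should_load_rules "$1"; then
        return 0    # lo, eth1, ...: nothing to do, and no error
    fi
    if [ ! -r "$RULES_FILE" ]; then
        echo "firewall: cannot read $RULES_FILE, rules not loaded" >&2
        return 1    # report the failure instead of coming up silently unfiltered
    fi
    # iptables-restore replaces the tables named in the file in one step,
    # so a repeated run does not append duplicate rules.
    "$RESTORE_CMD" < "$RULES_FILE"
}

# Act only when ifupdown called us (IFACE is set in that case).
if [ -n "${IFACE:-}" ]; then
    load_rules "$IFACE"
fi
```

The same script can instead be named on a `pre-up` or `up` line inside a single interface stanza in /etc/network/interfaces, in which case the stanza itself provides the per-interface selection.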


