
Re: iptables script - where to put it?



> go in /etc/init.d/? What do I need to do with this file to get it to run
> every time I boot? The actual content is copied below.

Actually, the easiest way to make sure the firewall rules are always
on is to add this to your /etc/network/interfaces :

# Bring up firewall
pre-up iptables-restore < /etc/iptables.rules

# And save fw state on shutdown
post-down iptables-save -c > /etc/iptables.rules


On Fri, Oct 10, 2008 at 10:04 AM, tyler <tyler.smith@mail.mcgill.ca> wrote:
> Hi,
>
> I'm trying to learn how to firewall my laptop. I think I've got an
> appropriate, simple iptables script, but I can't figure out where to put
> it. Google provides lots of conflicting advice. I think it's supposed to
> go in /etc/init.d/? What do I need to do with this file to get it to run
> every time I boot? The actual content is copied below.
>
> Thanks,
>
> Tyler
>
> ######################### start ###########################
> #### Clear the iptables ####
> iptables -F
> iptables -X
> iptables -Z
> iptables -t nat -F
> iptables -t nat -X
> iptables -t nat -Z
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -t mangle -Z
>
> #### Set default policy to drop all inbound and forwarded
> #### packets, accept all outbound
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> #### Allow input from established connections ####
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> #### Allow input from localhost ####
> iptables -A INPUT -i lo -j ACCEPT
>
> #### Allow icmp error messages ####
> iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
> iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
> iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT
>
> #### REJECT ident requests ####
> iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
>
> ############################# end #################################
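
The reply above restores /etc/iptables.rules on every pre-up and overwrites it with the live state on every post-down, so the file's contents decide what the laptop boots with. This added example (not part of the thread) writes the quoted script in iptables-restore format and checks that a rules file still has a default-drop filter table before it is trusted. The function names write_rules and check_rules are hypothetical, and the ruleset is a translation of the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# write_rules FILE: the quoted script in iptables-restore format
# (constructed translation; counters start at zero).
write_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -j ACCEPT
-A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# check_rules FILE: succeed only if the file is non-empty, the filter table
# sets INPUT and FORWARD to DROP, and the table is closed by COMMIT.
# Works on "iptables-save -c" output too, since only fields 1 and 2 are read.
check_rules() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    awk '
        $1 == "*filter"               { in_filter = 1; next }
        /^\*/                         { in_filter = 0 }
        in_filter && $1 == ":INPUT"   { input = $2 }
        in_filter && $1 == ":FORWARD" { forward = $2 }
        in_filter && $1 == "COMMIT"   { committed = 1; in_filter = 0 }
        END { exit !(input == "DROP" && forward == "DROP" && committed) }
    ' "$1" || { echo "not default-drop or not committed: $1" >&2; return 1; }
}

# Optional: sh thisfile /etc/iptables.rules
[ "$#" -eq 0 ] || check_rules "$1"
```

A file saved after the rules were flushed (policies back at ACCEPT) fails check_rules, which is the case the post-down line would otherwise carry into the next boot.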

