
Re: iptables script - where to put it?



Thanks everyone for your help!

I started with Jeff's suggestion, below, which seems to work fine. I
don't actually boot very often, usually just hibernating. But after
modifying /etc/network/interfaces, shutting down and rebooting, my
iptables are intact, so that's a start.

Cheers,

Tyler

"Jeff Soules" <soules@gmail.com> writes:

>> go in /etc/init.d/? What do I need to do with this file to get it to run
>> every time I boot? The actual content is copied below.
>
> Actually, the easiest way to make sure the firewall rules are always
> on is to add this to your /etc/network/interfaces :
>
> # Bring up firewall
> pre-up iptables-restore < /etc/iptables.rules
>
> # And save fw state on shutdown
> post-down iptables-save -c > /etc/iptables.rules
>
>
> On Fri, Oct 10, 2008 at 10:04 AM, tyler <tyler.smith@mail.mcgill.ca> wrote:
>> Hi,
>>
>> I'm trying to learn how to firewall my laptop. I think I've got an
>> appropriate, simple iptables script, but I can't figure out where to put
>> it. Google provides lots of conflicting advice. I think it's supposed to
>> go in /etc/init.d/? What do I need to do with this file to get it to run
>> every time I boot? The actual content is copied below.
>>
>> Thanks,
>>
>> Tyler
>>
>> ######################### start ###########################
>> #### Clear the iptables ####
>> iptables -F
>> iptables -X
>> iptables -Z
>> iptables -t nat -F
>> iptables -t nat -X
>> iptables -t nat -Z
>> iptables -t mangle -F
>> iptables -t mangle -X
>> iptables -t mangle -Z
>>
>> #### Set default policy to drop all inbound and forwarded
>> #### packets, accept all outbound
>> iptables -P INPUT DROP
>> iptables -P FORWARD DROP
>> iptables -P OUTPUT ACCEPT
>>
>> #### Allow input from established connections ####
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>> #### Allow input from localhost ####
>> iptables -A INPUT -i lo -j ACCEPT
>>
>> #### Allow icmp error messages ####
>> iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
>> iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
>> iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT
>>
>> #### REJECT ident requests ####
>> iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
>>
>> ############################# end #################################
>
>

-- 
Breaking a digital lock to access your own property will be illegal
under Bill C-61. 

http://www.michaelgeist.ca/content/view/3046/125/
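One detail the thread leaves implicit: the `pre-up iptables-restore < /etc/iptables.rules` line reads a file in iptables-save format (one `*table` block per table, builtin chains with their policies, rules, then `COMMIT`), not a list of `iptables` commands like the script in the original message. The script below is an added example and is not code from either poster: it writes the same ruleset in that format, sanity-checks the file (table/COMMIT pairing, the DROP defaults, the loopback rule, and a parse-only `iptables-restore --test` when run as root) and installs it atomically. The function names, the checks and the temp-file handling are this example's own; `/etc/iptables.rules` is the path used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates the ruleset from the
# original message as iptables-restore input, checks it, and installs it
# at the path the pre-up line in /etc/network/interfaces reads.
# Function names, checks and temp-file handling are this example's own.
set -e

# Emit the ruleset in iptables-save format. Loading a table block replaces
# that table, which is what the original script's -F/-X/-Z lines did; nat
# and mangle are listed with empty rule sets so they are cleared too.
emit_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
# Default policy: drop inbound and forwarded, accept outbound
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allow input from established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow input from localhost
-A INPUT -i lo -j ACCEPT
# Allow icmp error messages
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -j ACCEPT
# Reject ident requests
-A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Sanity-check a rules file before it goes live. Returns non-zero on any
# problem, so a broken file never replaces the working one.
check_ruleset() {
    f=$1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] || { echo "no table blocks in $f" >&2; return 1; }
    [ "$tables" -eq "$commits" ] || { echo "table/COMMIT mismatch in $f" >&2; return 1; }
    grep -q '^:INPUT DROP' "$f" || { echo "INPUT policy is not DROP" >&2; return 1; }
    grep -q '^:FORWARD DROP' "$f" || { echo "FORWARD policy is not DROP" >&2; return 1; }
    grep -q -- '-A INPUT -i lo -j ACCEPT' "$f" || { echo "loopback rule missing" >&2; return 1; }
    # With root and iptables-restore present, let it parse the file without
    # committing anything (--test).
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$f" || return 1
    fi
    return 0
}

# Install a checked rules file: write a temp file in the same directory,
# restrict its mode, then rename it over the destination so the pre-up line
# never sees a half-written file.
install_ruleset() {
    src=$1
    dst=${2:-/etc/iptables.rules}
    check_ruleset "$src" || return 1
    tmp=$(mktemp "${dst}.XXXXXX")
    cp "$src" "$tmp"
    chmod 0600 "$tmp"
    mv "$tmp" "$dst"
}

# Stand-alone run: generate into a temporary file and check it without
# touching /etc. To install for real (as root):
#   emit_ruleset > /tmp/iptables.rules && install_ruleset /tmp/iptables.rules
demo=$(mktemp)
emit_ruleset > "$demo"
check_ruleset "$demo" && echo "generated ruleset passed checks: $demo"
rm -f "$demo"
```

Two points about the interfaces snippet when the file is maintained this way. `pre-up` runs once per interface, and loading the same file repeatedly is harmless because each table block replaces the table. The `post-down iptables-save -c > /etc/iptables.rules` line, however, rewrites the file from whatever the kernel holds at that moment, counters included, so any interactive change (or an earlier flush) silently becomes the boot-time ruleset; if the file is generated and checked as above, leave that line out.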

