
Re: was: fail2ban for apache2, now iptables help



On Monday 02 December 2019 04:35:26 Andrei POPESCU wrote:

> On Du, 01 dec 19, 22:28:43, Gene Heskett wrote:
> > It, iptables,  did not get restarted on the fresh boot, so obviously
> > the systemd manager hasn't been informed to start iptables,
> > reloading from /etc/iptables/saved-rules.
>
> To my knowledge Debian doesn't include anything like this by default.
>
> > So 1. how do I query systemd to determine if it should have started
> > iptables, and if not, 2. what is the command to set it so it does
> > start iptables at bootup?
>
> You might want to install iptables-persistent, otherwise you'll have
> to roll out your own solution.
>
> With systemd the generic solution would look like:
>
> 1. Write a script that does what you want
> 2. Write a corresponding .service unit describing how / when it's run
> 3. Tell systemd to use your .service unit.
>
> In the particular case of iptables instead of writing a script you
> should probably just reuse your existing rules file and load that with
> an 'iptables-restore' from the .service unit.
>
> We are quite far from the original topic so I would suggest you start
> a new thread in case you need assistance with this.
>
I did find the syntax for iptables-restore and have that working as I'd 
been doing a new iptables-save every time I added a new rule. So I've got 
most of them muzzled again.

But you're right, the thread has drifted as I looked for a solution for 
the DDOS I was suffering from.

> Kind regards,
> Andrei


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
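
The three steps Andrei describes, as an added example that is not part of the original thread: a oneshot unit that reloads the rules file named above at boot. The unit name iptables-restore.service, its location under /etc/systemd/system/ and the /sbin/iptables-restore path are assumptions; adjust them to the local system.

```ini
# /etc/systemd/system/iptables-restore.service  (hypothetical name)
#
# After saving this file:
#   systemctl daemon-reload
#   systemctl enable iptables-restore.service      # start at every boot
#   systemctl is-enabled iptables-restore.service  # query: will it start at boot?
#   systemctl status iptables-restore.service      # query: did it run, and did it succeed?

[Unit]
Description=Load saved iptables rules
# Order the firewall ahead of network bring-up so no interface is
# configured before the rules are in place.
Wants=network-pre.target
Before=network-pre.target

[Service]
Type=oneshot
# Keep the unit "active" after the command exits so status reflects
# that the rules were loaded.
RemainAfterExit=yes
# Parse the file without committing it; a missing or malformed rules
# file makes the unit fail visibly instead of leaving a partial ruleset.
ExecStartPre=/bin/sh -c '/sbin/iptables-restore --test < /etc/iptables/saved-rules'
# Load the rules. Reading from stdin works with every iptables version.
ExecStart=/bin/sh -c '/sbin/iptables-restore < /etc/iptables/saved-rules'

[Install]
WantedBy=multi-user.target
```

The unit only reloads what is in /etc/iptables/saved-rules, so a rule added at runtime survives a reboot only after a fresh iptables-save to that file.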

