Monday, October 25, 2010

Ten minute host firewall, Part 2

Summary: Create a simple but effective host firewall for your machine in ten minutes or less.

Last week I explained how to run iptables rules to create a simplistic inbound-access-limiting firewall. Now you certainly don't want to run all these commands every time you start up your computer, so how do you have them run on reboot?
The easiest and most portable solution is to put the iptables commands into a shell script that you place in the appropriate rc.d directory, for example:

# cd /etc/init.d
# vi inbound_firewall                    # create the script here
# cd /etc/rc2.d                          # assuming you boot to runlevel 2
# ln -s ../init.d/inbound_firewall S99inbound_firewall
Alternatively, you can load your rules manually and use iptables-save to save them to a file, and iptables-restore to read them back in next time.

# iptables-save > /etc/iptables-save        # save the current rules
# iptables-restore < /etc/iptables-save     # restore the previous rules
You'd need to put these iptables-{save,restore} commands into a suitable startup script as well. Many Linux distributions already ship startup scripts that will read these files automatically if they exist, so check the scripts in /etc/init.d to see whether your distribution has something in place already.

For example, Debian has an /etc/init.d/iptables script that will save and load your rules automatically. After running your iptables commands, you run /etc/init.d/iptables save active to save the current ruleset. You should check out the source of the iptables-loading scripts for your Linux distribution to see what they suggest and whether there are any 'gotchas'.
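One 'gotcha' with the save/restore approach is that if the saved file is missing or truncated, iptables-restore fails at boot and the host comes up with no rules at all. The following init-style script is an added example (not from the original post or from any distribution): it restores the saved ruleset only after checking that the file is a complete iptables-save dump whose INPUT chain defaults to DROP, and otherwise refuses and logs the reason. The RULES_FILE path and the start/save subcommand names are assumptions.

```shell
#!/bin/sh
# Added example: boot-time restore of a saved iptables ruleset with sanity checks.
# Paths and command names below are assumptions, overridable via the environment.
RULES_FILE="${RULES_FILE:-/etc/iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"

# Return 0 when $1 looks like a complete iptables-save dump of the filter table:
# a '*filter' table header, an ':INPUT' policy line, and a closing 'COMMIT'.
validate_ruleset() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -q '^\*filter' "$f" || return 1
    grep -q '^:INPUT ' "$f" || return 1
    grep -q '^COMMIT' "$f" || return 1
    return 0
}

# Print the default policy of the INPUT chain recorded in $1 (e.g. DROP or ACCEPT).
# iptables-save writes it as ':INPUT DROP [packets:bytes]'.
input_policy() {
    sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p' "$1" | head -n 1
}

# Load the saved rules, refusing if the file is incomplete or would leave INPUT open.
start() {
    if ! validate_ruleset "$RULES_FILE"; then
        echo "$RULES_FILE is missing or not a complete iptables-save dump; not loading" >&2
        return 1
    fi
    if [ "$(input_policy "$RULES_FILE")" != "DROP" ]; then
        echo "refusing to load $RULES_FILE: INPUT default policy is not DROP" >&2
        return 1
    fi
    "$IPTABLES_RESTORE" < "$RULES_FILE"
}

# Save the currently loaded rules (run after adjusting them by hand).
save() {
    "$IPTABLES_SAVE" > "$RULES_FILE"
}

# Dispatch only when invoked with a subcommand, as an rc.d S99 link would do.
if [ $# -gt 0 ]; then
    case "$1" in
        start) start ;;
        save)  save ;;
        *)     echo "usage: $0 {start|save}" >&2; exit 2 ;;
    esac
fi
```

Symlinked as S99inbound_firewall, the rc system calls it with `start`; after changing rules by hand, run it with `save` to refresh the file.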
 
more @ http://www.hackinglinuxexposed.com/articles/20030709.html
