| 1 |
On 7/5/06, James <wireless@×××××××××××.com> wrote: |
| 2 |
|
| 3 |
> > 1) /etc/init.d/iptables save |
| 4 |
|
| 5 |
> This will work if one loads the rules manually at the command line. |
| 6 |
> Where do I put a scirpt of iptables command, so it is read the |
| 7 |
> rule sets generated and then saved into /var/lib/iptables/rules-save? |
| 8 |
|
| 9 |
Anywhere you like. All that matters is that you run it so your |
| 10 |
iptables are setup like you want, then run "/etc/init.d/iptables save" |
| 11 |
followed by "rc-update -a iptables default". |
| 12 |
|
| 13 |
> After that if I want to modify the rules, I edit my script, run |
| 14 |
> my script manually, then issue: |
| 15 |
> "iptables-save > /var/lib/iptables/rules-save" |
| 16 |
|
| 17 |
No, "/etc/init.d/iptables save" is the better choice. The file might |
| 18 |
move, or the format change, or something similar. |
| 19 |
|
| 20 |
> If I want to then test the rules, without rebooting, I issue: |
| 21 |
> |
| 22 |
> /etc/init.d/iptables stop |
| 23 |
> /etc/init.d/iptables start |
| 24 |
|
| 25 |
Not necessary. After running your script, the tables will be setup |
| 26 |
according to the script, and you can test away. You probably want |
| 27 |
your script to have the following at the top: |
| 28 |
|
| 29 |
iptables -F |
| 30 |
iptables -P INPUT ACCEPT |
| 31 |
iptables -P OUTPUT ACCEPT |
| 32 |
iptables -P FORWARD DROP |
| 33 |
|
| 34 |
This flushes all rules, and resets the default policies, so that only |
| 35 |
the rules that you specify later take effect. Very useful for |
| 36 |
clearing out old artifacts of stuff... |
| 37 |
|
| 38 |
> What I'm looking for is the series of steps to |
| 39 |
> 1. Where best to locate my script? |
| 40 |
|
| 41 |
Mine is in ~/bin/. |
| 42 |
|
| 43 |
> 2. Insert (new) commands into the script. |
| 44 |
|
| 45 |
$EDITOR |
| 46 |
|
| 47 |
> 3. convert new scrited commands into rulesets |
| 48 |
> 4. Load rulesets into the /var/lib/iptables/rules-save |
| 49 |
|
| 50 |
Don't do this. Run your script, and let "/etc/init.d/iptables save" do |
| 51 |
the work for you. |
| 52 |
|
| 53 |
> 5. Restart the iptables/netfilter firewall |
| 54 |
|
| 55 |
If you flush/reset like I describe above, this is not necessary, just |
| 56 |
run your script. |
| 57 |
|
| 58 |
> If what I work above [A] is correct then I just need some suggestions |
| 59 |
> as to where the scipt should be located under /etc/, for |
| 60 |
> consistentcy with gentoo mindsets. |
| 61 |
|
| 62 |
You can put it anywhere you like. I prefer ~/bin/ since there I know |
| 63 |
it is *not* something that Gentoo created. |
| 64 |
|
| 65 |
-Richard |
| 66 |
-- |
| 67 |
gentoo-user@g.o mailing list |
Archives