public inbox for gentoo-user@lists.gentoo.org
From: "Richard Fish" <bigfish@asmallpond.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: iptables wiki
Date: Wed, 5 Jul 2006 09:22:50 -0700
Message-ID: <7573e9640607050922ra5f37a4j683a73e8f7e04d3a@mail.gmail.com>
In-Reply-To: <loom.20060705T170301-173@post.gmane.org>

On 7/5/06, James <wireless@tampabay.rr.com> wrote:

> > 1) /etc/init.d/iptables save

> This will work if one loads the rules manually at the command line.
> Where do I put a script of iptables commands, so it is read the
> rule sets generated and then saved into /var/lib/iptables/rules-save?

Anywhere you like.  All that matters is that you run it so your
iptables are set up like you want, then run "/etc/init.d/iptables save"
followed by "rc-update -a iptables default".

> After that if I want to modify the rules, I edit my script, run
> my script manually, then issue:
> "iptables-save > /var/lib/iptables/rules-save"

No, "/etc/init.d/iptables save" is the better choice.  The file might
move, or the format change, or something similar.

> If I want to then test the rules, without rebooting, I issue:
>
> /etc/init.d/iptables stop
> /etc/init.d/iptables start

Not necessary.  After running your script, the tables will be set up
according to the script, and you can test away.  You probably want
your script to have the following at the top:

iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

This flushes all rules, and resets the default policies, so that only
the rules that you specify later take effect.  Very useful for
clearing out old artifacts of stuff...

> What I'm looking for is the series of steps to
> 1. Where best to locate my script?

Mine is in ~/bin/.

> 2. Insert (new) commands into the script.

$EDITOR

> 3. convert new scripted commands into rulesets
> 4. Load rulesets into the /var/lib/iptables/rules-save

Don't do this. Run your script, and let "/etc/init.d/iptables save" do
the work for you.

> 5.  Restart the iptables/netfilter firewall

If you flush/reset like I describe above, this is not necessary, just
run your script.

> If what I work above [A] is correct then I just need some suggestions
> as to where the script should be located under /etc/, for
> consistency with gentoo mindsets.

You can put it anywhere you like.  I prefer ~/bin/ since there I know
it is *not* something that Gentoo created.

-Richard
-- 
gentoo-user@gentoo.org mailing list
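An added example of the script Richard describes, not code from his mail or from Gentoo's own iptables init script: a hypothetical ~/bin/firewall.sh that starts with the flush/reset preamble from the mail, appends a rule set, and leaves saving to "/etc/init.d/iptables save" and "rc-update -a iptables default". The interface name eth0, the SSH port, the extra "iptables -X" (removes user-defined chains), the LOG rule and the IPT override for a dry run are this example's own assumptions and constructed values, not anything the thread states.

```shell
#!/bin/sh
# Hypothetical ~/bin/firewall.sh (example only, not Gentoo's script).
# IPT names the iptables binary; set IPT=echo to print the commands
# instead of executing them, which lets the rule set be reviewed
# without root and without touching the live tables.
IPT="${IPT:-iptables}"

# Constructed example values; adjust to the host.
LAN_IF="${LAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# The preamble from the mail: flush every rule in the filter table and
# reset the default policies so that only the rules that follow take
# effect. -X (removing user-defined chains) is an addition here.
reset_tables() {
    "$IPT" -F
    "$IPT" -X
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -P FORWARD DROP
}

# The rule set proper. INPUT keeps policy ACCEPT and ends with an
# explicit DROP, so a script that aborts half-way leaves the host
# reachable instead of locking out a remote session while testing.
add_rules() {
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -i "$LAN_IF" -p tcp --dport "$SSH_PORT" \
        -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Log what is about to be dropped so the rule set can be checked
    # against the kernel log before it is saved.
    "$IPT" -A INPUT -j LOG --log-prefix "fw-drop: " --log-level 4
    "$IPT" -A INPUT -j DROP
}

# Running the script is all that is needed to test: no stop/start.
apply_firewall() {
    reset_tables
    add_rules
}

# Persist with the init script (not a hand-written iptables-save) and
# enable the service at boot, the sequence the mail gives.
persist_firewall() {
    /etc/init.d/iptables save
    rc-update -a iptables default
}

# Usage:  sh firewall.sh apply          (as root: load the rules)
#         sh firewall.sh save           (load, then save and enable)
#         IPT=echo sh firewall.sh apply (dry run: print the commands)
case "${1:-}" in
    apply) apply_firewall ;;
    save)  apply_firewall && persist_firewall ;;
esac
```

The dry run is the check worth keeping: "IPT=echo sh firewall.sh apply" shows the exact command sequence, with the flush and policy reset first and the final DROP last, before anything is loaded or saved.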
