Results 1 to 8 of 8

Thread: make current iptables persistent

  1. #1

    Default make current iptables persistent

    Dear All,

    I need to make the current iptable rules persistent. When i restart the iptables, the previous rules vanishes.
    Looking for help
    Best Regards,
    Ghulam Yaseen

  2. #2
    Join Date
    Jun 2008
    Location
    Finland, European Union
    Posts
    2,029

    Default Re: make current iptables persistent

    Optimally you should add any iptables rules to SuSEfirewall but if you are not using it you can use the iptables-save and iptables-restore commands to save and apply the 'current' iptables rules.

    man iptables-save
    and
    man iptables-restore

    for help on the issue. They're quite simple to use, really.

    As an example;
    iptables-save > firewall-rules
    iptables-restore < filewall-rules

  3. #3

    Default Re: make current iptables persistent

    This is fine as far as doing it manually. But in some cases like i am not at office and the other attendee reboots the system, so he does not know any thing regarding the iptables rules, i need this thing to happen automatically after reboot.
    I hope all understood my problem.
    Quote Originally Posted by Chrysantine View Post
    Optimally you should add any iptables rules to SuSEfirewall but if you are not using it you can use the iptables-save and iptables-restore commands to save and apply the 'current' iptables rules.

    man iptables-save
    and
    man iptables-restore

    for help on the issue. They're quite simple to use, really.

    As an example;
    iptables-save > firewall-rules
    iptables-restore < filewall-rules
    Best Regards,
    Ghulam Yaseen

  4. #4
    Join Date
    Jun 2008
    Location
    Finland, European Union
    Posts
    2,029

    Default Re: make current iptables persistent

    Well you could add the commands (iptables-save / iptables-restore) to save the rules into the startup and shutdown scripts, this would allow anyone to boot the system and the rules would still be in place.

    However such a system comes with one problem - if someone made completely senseless rules and then booted the system, they would be saved and restored on the next startup.

  5. #5

    Default Re: make current iptables persistent

    Sorry to change the topic but let me know.....

    "what can be the iptables rule to forward port 80 packets to 8080"
    Best Regards,
    Ghulam Yaseen

  6. #6

    Default Re: make current iptables persistent

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Please start a new thread for new issues so they can be found in the
    future by those looking.

    Google: port forward iptables

    The first few hits all cover this as it is a very common query.

    Good luck.





    ghulamyaseen wrote:
    > Sorry to change the topic but let me know.....
    >
    > "what can be the iptables rule to forward port 80 packets to 8080"
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iQIcBAEBAgAGBQJKFqwBAAoJEF+XTK08PnB52bEQANbT4rb76JciFEpYwcywD0BL
    tmtco4k+rFJoh+KqSa8mBeNHw7vaZCFqF4HicGq2VaLrJy+EoQvkEfgU9kaPxCtb
    0EYpE+iPmm+qkDTt5BPp3SBHkKSUaR6OeIlLhkgi9ft6xMjd3tyYqDrjHJXsf0/L
    aos9eP3ZZl8i223h8Ika0nIZkf2gyBiUfbErViXHRa68m0EX6JB75qszwf+Hoe7P
    4ek/AuNpReYN2ma4vt0Z3kPa1IgoPakjg4CvCfSXtfvxcS6hfMnOHw3BYb02nzqZ
    w++y/5HtPsABR4gfJ7R7eAwTnqjs4HFUCbTiw/qbz2CiqcLPOu3ke6YJbtQ4thKD
    FMv49+WFaKmwYiXBOEkM+x2HWRYLP/AkSZEN3tE5QLp5sY06iiy8dQykuIumaUzQ
    TZDQJQZQVdCo3PEEI7xzmRqfN3nJ2Q9pT00Hb5HvgOc/5deOoJNmptERc5FVBSnR
    rNNlZzjXGj/R/mMigNiFEd5sLbzlTIpxb/JPG+4Ex4zqNNSf2lluQejwceL+V5dS
    N0btIdbL6kLfpYnsrRoz9h4BqlrD6PJYPV4OmwtaugoZDta6HGRlneHbpRunlIuV
    cPLiWGxy81pJ6I2xVY5sz8awq2eGU3pwpBhqDVSILgYxB3a1V4Xb4PGgPOnL11di
    /XRB7TfA0NdKB38cv9kz
    =3So0
    -----END PGP SIGNATURE-----

  7. #7

    Default Re: make current iptables persistent

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Exactly on all points. If you want to do it the supported/official/happy
    way then use SuSEfirewall2, preferably manipulating the rules via Yast.
    If you want to roll your own that's fine too. On a system where I needed
    dynamic rules to be persisted across reboots I did this by creating a
    'firewall' script in /etc/init.d that simply does exactly as Chrysantine
    mentioned in that it saves out the rules to a file and then loads them
    back up again on startup. If, though, somebody ever figures out how to
    make the box block SSH dynamically I'll then be out of luck when it comes
    to getting back in the box.

    Good luck.






    Chrysantine wrote:
    > Well you could add the commands (iptables-save / iptables-restore) to
    > save the rules into the startup and shutdown scripts, this would allow
    > anyone to boot the system and the rules would still be in place.
    >
    > However such a system comes with one problem - if someone made
    > completely senseless rules and then booted the system, they would be
    > saved and restored on the next startup.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iQIcBAEBAgAGBQJKFqxfAAoJEF+XTK08PnB5/QAP/juiJQT1smd7gr8c1aUu/lNR
    9G4mzUCXFZk7Dhv4GMfRN9OlGAt5ElL7BjQHYnrZuUHqKXok17sXOYEoXVxwE+ym
    iZ0bq1MwvGrZx3gbZRqqrwecIZpTNUmmTGmBq2CaK/kuFXPBnzH9ud1ReIcvueqe
    t0EYTzl9lo58BmzKWW0ygTriPtuAzVJiFLZE0pVHrrsDJJ+y3tNUV5RZTEG2eDzy
    fWkdfnwlflVKk89tTr86Yvg/NlHP1kIDYBNkClFbAIR2D+eFqC9V1XX0HrGzLMNw
    CmXI9RoIoxIbr6HsLSkWHAxoAWK61suWAyMFzmZqAehv8U4LJNkyUCFk5eRPDPr3
    K0Xap4VRBzNlCsejQWZh/HVDj76UNNwQVGxGDi3BcPNVUKmf9QU0pOx29lNUL9Nk
    E+Ym4NEBF80vDY5qVtNA3aqHx1cyQDeOQU9RA3Re6SiH1i1hnLdOXsu4qug3P/Ry
    Lps8zqKDT5JoOSn+R5M08XlLjrB799cOlc9Gf32168VGwk9xTJ6cZ8+4zwbIM+8K
    LDyaT/qh7UdgW+5B53PbY2+MMCsw14I45e93VGj2DAr8Y1Qv8ZKL4jnZKU9nu5ax
    nlSxIXKmNLzQEm3LAVm3AyaoVaPh8U2qsn2OTRWVwg9+Tt0crI988ElNpigPMsul
    ymzE7tSE2E5YoB+1jcPc
    =a0HK
    -----END PGP SIGNATURE-----

  8. #8

    Default Re: make current iptables persistent

    ok, but even i have already opened a new thread
    Quote Originally Posted by ab@novell.com View Post
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Exactly on all points. If you want to do it the supported/official/happy
    way then use SuSEfirewall2, preferably manipulating the rules via Yast.
    If you want to roll your own that's fine too. On a system where I needed
    dynamic rules to be persisted across reboots I did this by creating a
    'firewall' script in /etc/init.d that simply does exactly as Chrysantine
    mentioned in that it saves out the rules to a file and then loads them
    back up again on startup. If, though, somebody ever figures out how to
    make the box block SSH dynamically I'll then be out of luck when it comes
    to getting back in the box.

    Good luck.






    Chrysantine wrote:
    > Well you could add the commands (iptables-save / iptables-restore) to
    > save the rules into the startup and shutdown scripts, this would allow
    > anyone to boot the system and the rules would still be in place.
    >
    > However such a system comes with one problem - if someone made
    > completely senseless rules and then booted the system, they would be
    > saved and restored on the next startup.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - Enigmail: A simple interface for OpenPGP email security

    iQIcBAEBAgAGBQJKFqxfAAoJEF+XTK08PnB5/QAP/juiJQT1smd7gr8c1aUu/lNR
    9G4mzUCXFZk7Dhv4GMfRN9OlGAt5ElL7BjQHYnrZuUHqKXok17sXOYEoXVxwE+ym
    iZ0bq1MwvGrZx3gbZRqqrwecIZpTNUmmTGmBq2CaK/kuFXPBnzH9ud1ReIcvueqe
    t0EYTzl9lo58BmzKWW0ygTriPtuAzVJiFLZE0pVHrrsDJJ+y3tNUV5RZTEG2eDzy
    fWkdfnwlflVKk89tTr86Yvg/NlHP1kIDYBNkClFbAIR2D+eFqC9V1XX0HrGzLMNw
    CmXI9RoIoxIbr6HsLSkWHAxoAWK61suWAyMFzmZqAehv8U4LJNkyUCFk5eRPDPr3
    K0Xap4VRBzNlCsejQWZh/HVDj76UNNwQVGxGDi3BcPNVUKmf9QU0pOx29lNUL9Nk
    E+Ym4NEBF80vDY5qVtNA3aqHx1cyQDeOQU9RA3Re6SiH1i1hnLdOXsu4qug3P/Ry
    Lps8zqKDT5JoOSn+R5M08XlLjrB799cOlc9Gf32168VGwk9xTJ6cZ8+4zwbIM+8K
    LDyaT/qh7UdgW+5B53PbY2+MMCsw14I45e93VGj2DAr8Y1Qv8ZKL4jnZKU9nu5ax
    nlSxIXKmNLzQEm3LAVm3AyaoVaPh8U2qsn2OTRWVwg9+Tt0crI988ElNpigPMsul
    ymzE7tSE2E5YoB+1jcPc
    =a0HK
    -----END PGP SIGNATURE-----
    Best Regards,
    Ghulam Yaseen

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •