make current iptables persistent

Dear All,

I need to make the current iptables rules persistent. When I restart iptables, the previous rules vanish.
Looking for help

Optimally you should add any iptables rules to SuSEfirewall but if you are not using it you can use the **iptables-save** and **iptables-restore** commands to save and apply the ‘current’ iptables rules.

man iptables-save
and
man iptables-restore

for help on the issue. They’re quite simple to use, really.

As an example:
iptables-save > firewall-rules
iptables-restore < firewall-rules

This is fine as far as doing it manually. But in some cases, like when I am not at the office and the other attendee reboots the system, he does not know anything regarding the iptables rules, so I need this to happen automatically after reboot.
I hope all understood my problem.

Well you could add the commands (iptables-save / iptables-restore) to save the rules into the startup and shutdown scripts, this would allow anyone to boot the system and the rules would still be in place.

However such a system comes with one problem - if someone made completely senseless rules and then booted the system, they would be saved and restored on the next startup.

Sorry to change the topic but let me know…

“what can be the iptables rule to forward port 80 packets to 8080”

Please start a new thread for new issues so they can be found in the
future by those looking.

Google: port forward iptables

The first few hits all cover this as it is a very common query.

Good luck.

ghulamyaseen wrote:
> Sorry to change the topic but let me know…
>
> “what can be the iptables rule to forward port 80 packets to 8080”
>
>

Exactly on all points. If you want to do it the supported/official/happy
way then use SuSEfirewall2, preferably manipulating the rules via Yast.
If you want to roll your own that’s fine too. On a system where I needed
dynamic rules to be persisted across reboots I did this by creating a
‘firewall’ script in /etc/init.d that simply does exactly as Chrysantine
mentioned in that it saves out the rules to a file and then loads them
back up again on startup. If, though, somebody ever figures out how to
make the box block SSH dynamically I’ll then be out of luck when it comes
to getting back in the box.

Good luck.

Chrysantine wrote:
> Well you could add the commands (iptables-save / iptables-restore) to
> save the rules into the startup and shutdown scripts, this would allow
> anyone to boot the system and the rules would still be in place.
>
> However such a system comes with one problem - if someone made
> completely senseless rules and then booted the system, they would be
> saved and restored on the next startup.
>
>
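
The save-on-shutdown / restore-on-boot approach described in this thread, with a guard for the two problems raised (a senseless ruleset being persisted, and SSH being locked out). This is an added example, not code posted by anyone in the thread; the rules-file path, the script layout and the port-22 heuristic are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): init-style script, "start" restores, "stop" saves.
# Assumptions: RULES path is hypothetical; SSH listens on tcp/22.
RULES="${RULES:-/etc/sysconfig/iptables.saved}"
umask 077

# rules_sane FILE: heuristic check of an iptables-save dump. Returns 0 only if
# the dump is complete (every *table has its COMMIT) and, when the INPUT
# policy is DROP, an explicit ACCEPT for tcp/22 is still present.
rules_sane() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -q '^\*filter$' "$f" || return 1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -eq "$commits" ] || return 1
    if grep -Eq '^:INPUT DROP' "$f"; then
        grep -Eq '^-A INPUT .*-p tcp .*--dport 22 .*-j ACCEPT' "$f" || return 1
    fi
    return 0
}

# Save the running ruleset, but only replace the stored copy if it passes the check.
fw_save() {
    tmp="$RULES.new"
    iptables-save > "$tmp" || return 1
    if rules_sane "$tmp"; then
        [ -f "$RULES" ] && cp -p "$RULES" "$RULES.bak"
        mv "$tmp" "$RULES"
    else
        echo "refusing to persist suspicious ruleset; keeping $RULES" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Load the stored ruleset; --test parses it without committing anything first.
fw_restore() {
    rules_sane "$RULES" || { echo "not loading $RULES" >&2; return 1; }
    iptables-restore --test < "$RULES" && iptables-restore < "$RULES"
}

case "${1:-}" in
    start) fw_restore ;;
    stop)  fw_save ;;
    check) rules_sane "${2:-$RULES}" && echo "ok" ;;
esac
```

The check is a heuristic over the dump text: it does not evaluate rule order, so an earlier blanket DROP rule in INPUT would still pass.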

OK, but I have already opened a new thread.