Greetings!
I am about to reprogram IPtables on my bubba, but entering the rules one by one by hand is tedious, and would make it hard to change the rules if needed.
Is there any way to batch-load a new rule-set into IPtables (such as creating a text file on the bubba's HDD, and instructing IPtables to load it)?
Feeding new rules into IPtables
Re: Feeding new rules into IPtables
That is in fact how the regular firewall operates. It uses 'iptables-save' and 'iptables-restore' to save and load the rules from the file '/etc/network/firewall.conf'. The firewall script itself is somewhat strange (and has been frowned upon): if you stop or restart the firewall, it saves the current active rules to disk but doesn't make any changes to the firewall rules (you'd expect 'stop' to clear all rules); if you start the firewall, it loads the rules from disk.
A note of caution: it's fairly easy to lock yourself out when fondling with iptables. If you happen to do this, do NOT shut down the Bubba, because it will save the bad rules that are shutting you out. Pull the power instead. While I may be stating the obvious, if you manually enter bad rules in Bubba's firewall.conf file you'll be running a lost course anyway, so don't touch that file!
Re: Feeding new rules into IPtables
Aha.
I tried to enter the new rules (ssh-ing into the bubba, su-ing, opening /etc/network/firewall.conf with nano, pasting new rules into the file, saving it, and finally entering iptables-restart), but it just overwrote the new rules with the old ones.
Then I tried entering the commands one line at a time at the ssh prompt, and almost all of them were accepted. However, when I gave the command iptables-save, the new rules were overwritten again.
What am I doing wrong?
Re: Feeding new rules into IPtables
Unsure...
If you enter the command 'iptables-save' at the command prompt it will just dump the current rules to standard output. The only issue that I'm aware of is that the firewall rules get reloaded on DHCP renewal, but it would be really strange if that occurred every few minutes (seconds?).
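An added example (not code from this thread and not Bubba's own firewall script) of the approach the first reply describes and the last reply clarifies: iptables-save only writes the live rules to standard output, so they have to be redirected into a file, and iptables-restore reads such a file back. The script below writes a constructed sample ruleset in iptables-save format, sanity-checks its structure before handing it to iptables-restore, and loads it with a backup and an automatic rollback so a bad rule does not lock you out over SSH. The file names under $WORK, the 60-second window and the APPLY=1 switch are assumptions of this example; /etc/network/firewall.conf is the path the thread mentions and is deliberately not touched, as the first reply advises.

```shell
#!/bin/sh
# Added example: batch-load an iptables ruleset from a file, safely.
# Assumed: files live under $WORK (a temp dir by default) so the checks run
# without root; iptables-save/iptables-restore are only invoked when APPLY=1.
WORK="${WORK:-$(mktemp -d)}"

# write_ruleset FILE: write a constructed sample ruleset in the format that
# iptables-save emits and iptables-restore reads: a '*table' line, ':CHAIN
# POLICY [pkts:bytes]' lines, one '-A' rule per line, then 'COMMIT'.
write_ruleset() {
    cat > "$1" <<'EOF'
# constructed sample ruleset (not the Bubba's real firewall.conf)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# check_ruleset FILE: cheap structural check before touching the live rules.
# Succeeds only if every '*table' block is closed by COMMIT and every
# non-comment line is a table, chain-policy, rule or COMMIT line.
check_ruleset() {
    awk '
        /^#/ || /^[[:space:]]*$/ { next }
        /^\*/               { if (open) bad = 1; open = 1; next }
        /^COMMIT$/          { if (!open) bad = 1; open = 0; next }
        /^:/ || /^-[AIDR] / { if (!open) bad = 1; next }
        { bad = 1 }
        END { if (bad || open) exit 1; exit 0 }
    ' "$1"
}

# apply_ruleset FILE: back up the live rules, let iptables-restore parse the
# new file without committing it (--test), then load it with a rollback timer.
# If the new rules lock you out, the backup is restored after 60 seconds; if
# you can still log in, cancel the rollback to keep them.
apply_ruleset() {
    iptables-save > "$WORK/backup.conf" || return 1
    iptables-restore --test "$1" || {
        echo "ruleset rejected by iptables-restore, nothing changed" >&2
        return 1
    }
    ( sleep 60 && iptables-restore < "$WORK/backup.conf" ) &
    echo $! > "$WORK/rollback.pid"
    iptables-restore < "$1" || return 1
    echo "new rules loaded; keep them with: kill \$(cat $WORK/rollback.pid)"
}

# Only touch the live firewall when explicitly asked to (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    write_ruleset "$WORK/new.conf"
    check_ruleset "$WORK/new.conf" && apply_ruleset "$WORK/new.conf"
fi
```

Run it as root with APPLY=1 to load the sample rules; run it without APPLY to only generate and check the file. Once the new rules are confirmed working, Bubba's own firewall script will persist the active rules on its next stop or restart, so there is no need to edit firewall.conf by hand.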