Thursday, 12 July 2012

using iptables-persistent with Ubuntu 12.04

i recently found in 12.04 that if-pre-up.d wasn't being called as i thought it should...turns out there's a reason.

seeing as Network Manager has pretty much taken over, you can't easily use /etc/network/if-pre-up.d to reliably reload iptables rules... the easy way out is to install iptables-persistent

from an elevated terminal issue

apt-get install iptables-persistent

it will ask if you want to save rules for ipv4 and ipv6, choose as you wish (if you already have iptables configured as you would like then yes would be a good idea).

if you want to manually overwrite what has been saved...

for ipv4 you want to overwrite /etc/iptables/rules.v4

for ipv6 you want to overwrite /etc/iptables/rules.v6

you can either create/edit the files manually (the format is not that much different from regular iptables commands, but it is different) or just set up iptables as you like and use iptables-save to save it to the relevant file.

bear in mind that this will not save the current rules on shutdown (as used to happen when iptables-save was run from if-post-down.d). instead it will always revert at boot to the rules contained in /etc/iptables/rules.v4 or /etc/iptables/rules.v6.
in other words, make sure that /etc/iptables/rules.v4 or /etc/iptables/rules.v6 contains a 'safe' set of iptables rules (one that still lets you in remotely); it can be a real ballache if you have to physically attend a server that you should be able to access remotely ;)
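as an added example (not from the original post, and not part of iptables-persistent itself), here is a small shell script that writes a minimal 'safe' ruleset in the iptables-restore format that /etc/iptables/rules.v4 uses, and a check that refuses a file whose INPUT chain drops by default without an explicit rule letting SSH in. the SSH port (22) and the use of the conntrack match are assumptions for illustration; adjust them to your box.

```shell
#!/bin/sh
# Added example, not from the original post or from iptables-persistent.
# Generates a minimal "safe" ruleset in iptables-restore format (the format
# of /etc/iptables/rules.v4) and checks it for the property the post warns
# about: if INPUT defaults to DROP, remote SSH access must still be allowed.

# Print a minimal ruleset. The SSH port (default 22, an assumption) is the
# one thing that must stay reachable after a reboot.
safe_rules_v4() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Sanity-check a rules file before it becomes the boot-time ruleset:
# the *filter table must be present and terminated by COMMIT, and if the
# INPUT policy is DROP there must be an ACCEPT for tcp/<ssh_port>.
# Returns 0 when the file passes, 1 (with a reason on stderr) otherwise.
check_rules_file() {
    file="$1"
    ssh_port="${2:-22}"
    grep -q '^\*filter$' "$file" || { echo "missing *filter table" >&2; return 1; }
    grep -q '^COMMIT$' "$file"   || { echo "missing COMMIT" >&2; return 1; }
    if grep -q '^:INPUT DROP' "$file"; then
        # trailing space after the port stops 22 from matching 2222
        grep -q -- "--dport ${ssh_port} .*-j ACCEPT" "$file" \
            || { echo "INPUT drops by default but nothing accepts tcp/${ssh_port}" >&2; return 1; }
    fi
    return 0
}

# Typical use (needs root; not run here):
#   safe_rules_v4 22 > /etc/iptables/rules.v4
#   check_rules_file /etc/iptables/rules.v4 22 && iptables-restore < /etc/iptables/rules.v4
```

run the check against the file before you reboot, not after: once iptables-persistent has loaded a rules.v4 that drops everything, the only fix is console access.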

