Iptables
Latest revision as of 23:48, 20 May 2008
Packages
<pre>
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                       Version                    Description
+++-==========================-==========================-====================================================================
ii  iptables                   1.3.8.0debian1-1ubuntu2    administration tools for packet filtering and NAT
</pre>
Config files
- /etc/default/iptables
- /etc/network/interfaces
Instead of using a service called from /etc/init.d, iptables is started immediately before the external network connection is established by means of this configuration in /etc/network/interfaces:
<pre>
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/default/iptables
</pre>
Well, I thought that would be all that I needed, but after a reboot my firewall is a mess. I need to keep ufw from stomping on my configuration, so I need to integrate with ufw instead of trying to just port my old iptables rules.
I'm following these instructions: https://help.ubuntu.com/8.04/serverguide/C/firewall.html
I updated
- /etc/default/ufw
- /etc/ufw/sysctl.conf
- /etc/ufw/before.rules
I think this means that I can remove the rc.local script that I have that enables forwarding.
Bah, I can't get ufw to do my bidding so I'm removing it and falling back to a straight iptables firewall. You would think that I could just insert my rules into the ufw config files, but I get parse errors.
I was almost able to get it to work by starting with a vanilla ufw config and adding rules through the ufw interface, but I couldn't get it to allow pings. It doesn't seem to understand that icmp is a protocol.
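As an added example (not part of the original notes), the following script generates a ruleset in the iptables-save format that `pre-up iptables-restore < /etc/default/iptables` expects, covering the two points the notes raise: forwarding/NAT without an rc.local script, and accepting ICMP echo requests. The interface names eth0/eth1 and the SSH port are assumptions; because the rules load before DHCP has configured the interface, the DHCP client exchange is allowed explicitly and no rule depends on the interface's address.

```shell
#!/bin/sh
# write_ruleset OUTFILE WAN_IF LAN_IF
# Emits an iptables-restore file: one block per table, each ending in COMMIT.
write_ruleset() {
    out=$1; wan=$2; lan=$3
    cat > "$out" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving via the WAN interface.
# net.ipv4.ip_forward=1 must still be set (e.g. in /etc/sysctl.conf).
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rules are loaded pre-up, before the DHCP client runs on $wan,
# so the lease exchange has to be allowed without knowing our address.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# Ping: icmp is a protocol; match echo-request by ICMP type, rate-limited.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# Management only from the LAN side (port is an assumption).
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# Forward LAN -> WAN freely, WAN -> LAN only for replies.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# rule_count FILE: number of -A rules, a quick sanity check before relying on the file.
rule_count() {
    grep -c '^-A ' "$1"
}

# commit_count FILE: every *table block must end with COMMIT, so this should
# equal the number of tables (two here); a missing COMMIT makes restore fail.
commit_count() {
    grep -c '^COMMIT$' "$1"
}
```

If iptables-restore fails during pre-up, ifup aborts and eth0 stays down, which is fail-closed; check the generated file before rebooting.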
See also Hosts.deny