Home > Linux > Persitent iptables on Debian/Ubuntu

Persitent iptables on Debian/Ubuntu

Travel in Stygian
The damned scream my name
Travel in Stygian
I can’t repent it’s too late
(Iced Earth – Travel in Stygian)

RHEL has a standardized way of manipulating Linux firewall. File ‘/etc/sysconfig/iptables’ has stored firewall in iptables-save format. Since I have to sometimes use Debian based distributions, I often wondered why there isn’t a similar (standardized) way of handing iptables. Somene suggests to use UFW or Shorewall, but that are just wrappers around iptables made to make users life easier. But if you are iptables expert, then using wrappers is only drawing attention to wrong things and bringing in another layer of unnecessary complexity. So after a little research I found a better way to handle iptables on Debian distros. It’s called “iptables-persistent“. All a user has to do is:

# apt-get install iptables-persistent

So, how does it work? It installs init script called “iptables-persistent” and stores rules in iptables-save format in following two files:

  • /etc/iptables/rules.v4
  • /etc/iptables/rules.v6

Behaviour is similar to one of the RHEL ‘iptables’ script, you can write your own rules in that file or you can run iptables-save and copy output. I think this is a good approach towards standardization and too bad iptables-persistent is not a part of minimal Debian installation. Starting and stopping firewall is also pretty simple via sys-v style init script:

# /etc/init.d/iptables-persistent start

I really like this way of managing iptables.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: