Working with IPTables
John G. Heim
jheim at math.wisc.edu
Thu Sep 25 20:48:24 UTC 2008
> But, if I want to play around with IPTables directly, any tips?
> Many thanks,
> Christian

I kind of stole my technique from Red Hat. It's not exactly what they do.
The first thing I do is save the current iptables rule set to a file with
the iptables-save command. Then, if it gets messed up, I can put it back
with the iptables-restore command. Oh, by the way, when you're messing with
your rules, log in at the console or via a serial port. Do not ssh.

After you save the rules, you can either make a copy of the rules file and
tweak that, or you can just type in a new iptables rule and see if it does
what you want. If it does, you can use the iptables-save command again.

I don't think there is any easy way to learn to use iptables. It has a
rather steep learning curve. I think that the only thing you can do is ask
the google for iptables tutorials and dig in.

Once you have a set of rules you like, save them with iptables-save and then
put a call to iptables-restore somewhere in your startup, like in
/etc/rc.local. I use Debian so I put mine in an init.d script named
firewall. That way it starts automatically at boot and when I'm messing with
it, I can say any of the following:
/etc/init.d/firewall start
/etc/init.d/firewall stop
/etc/init.d/firewall restart
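
The save, restore and init-script steps from the message above, as an added example that is not the poster's own script. The file paths, the function names and the meaning of "stop" are assumptions; the rules file is syntax-checked with iptables-restore --test and the live rules are snapshotted before anything is replaced.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths and names are assumptions.
RULES=${RULES:-/etc/iptables.rules}       # written earlier with iptables-save
BACKUP=${BACKUP:-/var/run/iptables.prev}  # snapshot of the live rules
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

fw_start() {
    [ -r "$RULES" ] || { echo "firewall: cannot read $RULES" >&2; return 1; }
    # --test parses the file and builds the ruleset without committing it,
    # so a typo is caught before the live rules are touched.
    "$IPT_RESTORE" --test < "$RULES" || {
        echo "firewall: $RULES failed the syntax check, nothing changed" >&2
        return 1
    }
    "$IPT_SAVE" > "$BACKUP" || return 1   # keep a way back
    if ! "$IPT_RESTORE" < "$RULES"; then
        echo "firewall: load failed, putting previous rules back" >&2
        "$IPT_RESTORE" < "$BACKUP"
        return 1
    fi
}

fw_stop() {
    # Assumption: "stop" snapshots the live rules, then loads an empty
    # accept-all filter table. Other tables (nat, mangle) are left alone.
    "$IPT_SAVE" > "$BACKUP" || return 1
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' | "$IPT_RESTORE"
}

fw_main() {
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        # iptables-restore flushes and reloads each table named in the file,
        # so a restart needs no stop and leaves no window with open rules.
        restart) fw_start ;;
        *)       echo "Usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Dispatch only when called with an argument, as init does.
if [ $# -gt 0 ]; then fw_main "$@"; fi
```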

More information about the Blinux-list mailing list