How to persist Iptables Firewall configuration

0, Index

  1. Introduction
  2. How to install iptables configuration persistence utility
    1. Install netfilter-persistent
    2. Install iptables-persistent
    3. Write iptables rules
  3. References

1, Introduction

Do you know “iptables”?

It is a front-end tool for configuring the kernel's packet filters.

So iptables is not itself a firewall, but a tool for configuring one.

In normal use, settings made by hand with iptables are reset when Linux reboots.

If you read this article, you will know how to keep hand-made settings from being reset.

In other words, I wrote down how to persist iptables settings.

2, How to install iptables configuration persistence utility

When I tried this, two packages were required.

So, install both packages as an administrator user.

(1) Install netfilter-persistent

Run the command:

apt-get install netfilter-persistent

If the command succeeds, the system outputs the following messages.

root@TESTSPACE:/var/log# apt-get install netfilter-persistent
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 Suggested packages:
   iptables-persistent
 The following NEW packages will be installed:
   netfilter-persistent
 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 Need to get 8,792 B of archives.
 After this operation, 36.9 kB of additional disk space will be used.
 Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 netfilter-persistent all 1.0.4+nmu2 [8,792 B]
 Fetched 8,792 B in 0s (10.4 kB/s)
 Selecting previously unselected package netfilter-persistent.
 (Reading database … 25418 files and directories currently installed.)
 Preparing to unpack …/netfilter-persistent_1.0.4+nmu2_all.deb …
 Unpacking netfilter-persistent (1.0.4+nmu2) …
 Setting up netfilter-persistent (1.0.4+nmu2) …
 Created symlink /etc/systemd/system/multi-user.target.wants/netfilter-persistent.service → /lib/systemd/system/netfilter-persistent.service.
 update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
 Processing triggers for systemd (232-25+deb9u8) …

(2) Install iptables-persistent

Run the command:

apt-get install iptables-persistent

When executed, the following messages are output.

root@TESTSPACE:/var/log# apt-get install iptables-persistent
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following NEW packages will be installed:
   iptables-persistent
 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 Need to get 10.7 kB of archives.
 After this operation, 43.0 kB of additional disk space will be used.
 Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 iptables-persistent all 1.0.4+nmu2 [10.7 kB]
 Fetched 10.7 kB in 1s (8,180 B/s)
 Preconfiguring packages …
 Selecting previously unselected package iptables-persistent.
 (Reading database … 25429 files and directories currently installed.)
 Preparing to unpack …/iptables-persistent_1.0.4+nmu2_all.deb …
 Unpacking iptables-persistent (1.0.4+nmu2) …
 Setting up iptables-persistent (1.0.4+nmu2) …

(3) Write iptables rules

After completing steps (1) and (2) above, your system can persist iptables settings.

Write your firewall rules in these files:

/etc/iptables/rules.v4
/etc/iptables/rules.v6

To apply configuration changes, run the command:

netfilter-persistent reload

When executed, the following messages are output.

root@TESTSPACE:/etc/iptables# netfilter-persistent reload
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
root@TESTSPACE:/etc/iptables#

Check that the changed settings were applied.

Run the command:

iptables -L

When executed, the rules of your system's running firewall are output.
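
Added example (not from the original article): shell functions that check /etc/iptables/rules.v4 before running netfilter-persistent reload, so that a malformed file is caught before it is applied. The function names and the sample ruleset are constructed for illustration; only the IPv4 file is covered, and root is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.
RULES_V4=/etc/iptables/rules.v4   # path used in the article

# check_rules FILE: succeed only if FILE has iptables-save structure:
# at least one "*table" section, each one closed by COMMIT, and no chain
# or rule lines outside a section.
check_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
        /^\*/ { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT[ \t]*$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^(:|-|\[)/ { if (!in_table) bad = 1; next }   # chains, rules, counters
        { bad = 1 }                                    # anything else is unexpected
        END { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# write_sample_rules FILE: write a constructed sample ruleset
# (default drop, allow loopback, established traffic and SSH).
write_sample_rules() {
    cat > "$1" <<'EOF'
# Constructed sample in iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# validate_and_reload: check the persisted IPv4 rules, then apply them.
validate_and_reload() {
    check_rules "$RULES_V4" ||
        { echo "structure error in $RULES_V4" >&2; return 1; }
    # --test parses and builds the ruleset without committing it to the kernel
    iptables-restore --test < "$RULES_V4" ||
        { echo "iptables-restore rejected $RULES_V4" >&2; return 1; }
    netfilter-persistent reload
}
```

To use it, source the file as root and call validate_and_reload after editing rules.v4.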

3, References
