How to persist Iptables Firewall configuration
0, Index
- Introduction
- How to install iptables configuration persistence utility
- Install netfilter-persistent
- Install iptables-persistent
- Write iptables rules
- References
1, Introduction
Do you know “iptables”?
It is a front-end tool for configuring the kernel's packet filters.
So iptables is not the firewall itself, but the tool used to configure it.
In normal use, settings made by hand with iptables are reset after a Linux reboot.
This article explains how to prevent those hand-made settings from being reset.
In other words, it describes how to persist iptables settings.
2, How to install iptables configuration persistence utility
When I tried this, two software packages were required.
Install both of them as an administrator user.
(1) Install netfilter-persistent
Run the command:
apt-get install netfilter-persistent
If the command succeeds, the system outputs the following messages.
root@TESTSPACE:/var/log# apt-get install netfilter-persistent
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
  iptables-persistent
The following NEW packages will be installed:
  netfilter-persistent
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 8,792 B of archives.
After this operation, 36.9 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 netfilter-persistent all 1.0.4+nmu2 [8,792 B]
Fetched 8,792 B in 0s (10.4 kB/s)
Selecting previously unselected package netfilter-persistent.
(Reading database … 25418 files and directories currently installed.)
Preparing to unpack …/netfilter-persistent_1.0.4+nmu2_all.deb …
Unpacking netfilter-persistent (1.0.4+nmu2) …
Setting up netfilter-persistent (1.0.4+nmu2) …
Created symlink /etc/systemd/system/multi-user.target.wants/netfilter-persistent.service → /lib/systemd/system/netfilter-persistent.service.
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Processing triggers for systemd (232-25+deb9u8) …
(2) Install iptables-persistent
Run the command:
apt-get install iptables-persistent
When executed, the following messages are output.
root@TESTSPACE:/var/log# apt-get install iptables-persistent
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
  iptables-persistent
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.7 kB of archives.
After this operation, 43.0 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 iptables-persistent all 1.0.4+nmu2 [10.7 kB]
Fetched 10.7 kB in 1s (8,180 B/s)
Preconfiguring packages …
Selecting previously unselected package iptables-persistent.
(Reading database … 25429 files and directories currently installed.)
Preparing to unpack …/iptables-persistent_1.0.4+nmu2_all.deb …
Unpacking iptables-persistent (1.0.4+nmu2) …
Setting up iptables-persistent (1.0.4+nmu2) …
(3) Write iptables rules
After completing steps (1) and (2) above, your system can persist iptables settings.
Write your firewall rules in these files:
/etc/iptables/rules.v4
/etc/iptables/rules.v6
To apply configuration changes, run the command:
netfilter-persistent reload
When executed, the following messages are output.
root@TESTSPACE:/etc/iptables# netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
root@TESTSPACE:/etc/iptables#
Check that the changed settings have been applied.
Run the command:
iptables -L
When executed, the rules of your system's running firewall are output.
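A pre-flight check for the two rules files before running netfilter-persistent reload, added here as an example and not part of the original article. It assumes the files are written in iptables-save format, which is what iptables-restore reads; the function names check_rules_file, safe_reload and sample_rules and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. rules.v4 / rules.v6 hold
# "*table", ":CHAIN POLICY [pkts:bytes]", "-A ..." rules and a closing "COMMIT".

# Constructed sample ruleset: default-drop inbound, allow loopback,
# established traffic and SSH.
sample_rules() {
    cat <<'EOF'
# constructed sample for /etc/iptables/rules.v4
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# check_rules_file FILE: static structure check, needs neither root nor iptables.
# Returns 0 when every table is opened and closed correctly, 1 otherwise.
check_rules_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk '
        function fail(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        BEGIN { bad = 0; in_table = 0; tables = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        substr($0, 1, 1) == "*" { if (in_table) fail("previous table has no COMMIT")
                                  in_table = 1; tables++; next }
        $1 == "COMMIT" { if (!in_table) fail("COMMIT outside a table")
                         in_table = 0; next }
        !in_table      { fail("rule outside a table"); next }
        /^:/ || /^-/ || /^\[/ { next }               # chain, rule, counter prefix
                       { fail("unrecognised line: " $0) }
        END { if (in_table) fail("last table has no COMMIT")
              if (!tables) fail("no table found")
              exit bad }
    ' "$1" >&2
}

# safe_reload: run as root; both files must exist. --test makes the real
# parsers read the file without committing; reload only if all checks pass.
safe_reload() {
    v4=/etc/iptables/rules.v4; v6=/etc/iptables/rules.v6
    check_rules_file "$v4" && iptables-restore --test < "$v4" || return 1
    check_rules_file "$v6" && ip6tables-restore --test < "$v6" || return 1
    netfilter-persistent reload
}
```

Note that iptables -L lists only the IPv4 filter table; ip6tables -L shows the rules loaded from rules.v6.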
3, References
- How to configure iptables – Sakura Support Information
- Persisting iptables settings on Ubuntu with iptables-persistent | iwashi.co
- Configuring iptables and persisting the configuration | Sysrigar