- user : root
- host : grodoudou.seizam.com
- date : 06/07/12 19:08
- curpath : /home/yannouk
- Edit /etc/iptables.rules, see [1]
- Edit /etc/network/if-post-down.d/iptables-save, see [2]
[email protected]# chmod +x /etc/network/if-post-down.d/iptables-save
- Edit /etc/network/if-pre-up.d/iptables-load, see [3]
[email protected]# chmod +x /etc/network/if-pre-up.d/iptables-load
[email protected]# /etc/network/if-pre-up.d/iptables-load
[email protected]# iptables -L -v --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 62 4664 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
2 0 0 ACCEPT all -- lo any anywhere anywhere
3 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:www
4 0 0 ACCEPT icmp -- eth0 any 176.31.225.250 anywhere
5 0 0 ACCEPT tcp -- eth0 any cache.ovh.net anywhere tcp dpt:ssh
6 0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:65422
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 32 packets, 3216 bytes)
num pkts bytes target prot opt in out source destination
- [1] Edit /etc/iptables.rules
# /etc/iptables.rules: IPv4 ruleset in iptables-save format, one section per table.
# The bracketed pairs are [packets:bytes] counters, present because the save
# hook on this page runs `iptables-save -c`.
# NOTE(review): that hook overwrites this file on interface down, so comments
# added by hand (including these) will not survive a save.
# NOTE(review): IPv4 only; ip6tables keeps a separate ruleset that this file
# does not cover. Confirm whether the host has IPv6 connectivity.
# Generated by iptables-save v1.4.8 on Sat Jun 9 23:05:22 2012
*raw
# raw table: no rules, both built-in chains left at ACCEPT.
:PREROUTING ACCEPT [104947:58849083]
:OUTPUT ACCEPT [116446:25644513]
COMMIT
# Completed on Sat Jun 9 23:05:22 2012
# Generated by iptables-save v1.4.8 on Sat Jun 9 23:05:22 2012
*nat
# nat table: no rules, so no address translation is configured here.
:PREROUTING ACCEPT [7950:1248157]
:INPUT ACCEPT [5012:372560]
:OUTPUT ACCEPT [34655:6369055]
:POSTROUTING ACCEPT [34655:6369055]
COMMIT
# Completed on Sat Jun 9 23:05:22 2012
# Generated by iptables-save v1.4.8 on Sat Jun 9 23:05:22 2012
*mangle
# mangle table: no rules, all chains left at ACCEPT.
:PREROUTING ACCEPT [104947:58849083]
:INPUT ACCEPT [104947:58849083]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [116446:25644513]
:POSTROUTING ACCEPT [116446:25644513]
COMMIT
# Completed on Sat Jun 9 23:05:22 2012
# Generated by iptables-save v1.4.8 on Sat Jun 9 23:05:22 2012
*filter
# filter table: inbound traffic is default-deny; only the INPUT rules below admit packets.
:INPUT DROP [6:1432]
# NOTE(review): FORWARD policy is ACCEPT with no rules. If this host is not
# meant to route, DROP would be the tighter policy. Confirm.
:FORWARD ACCEPT [0:0]
# No egress filtering: everything the host sends is allowed.
:OUTPUT ACCEPT [180:32222]
# Replies and related packets for connections that are already tracked.
[90934:57193636] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Loopback traffic.
[5888:399526] -A INPUT -i lo -j ACCEPT
# TCP/80 from any source on any interface.
[118:6308] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ICMP accepted from a single source on eth0 (presumably a monitoring host; confirm).
[3018:253512] -A INPUT -s 176.31.225.250/32 -i eth0 -p icmp -j ACCEPT
# TCP/22 accepted from one source only; the `iptables -L` output above shows it as cache.ovh.net.
[0:0] -A INPUT -s 213.186.50.100/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
# TCP/65422 accepted from any source on eth0.
# NOTE(review): presumably an alternate sshd port (confirm). Unlike port 22 it
# has no source restriction, so the service behind it is reachable from the
# whole internet and relies on its own authentication hardening.
[1:60] -A INPUT -i eth0 -p tcp -m tcp --dport 65422 -j ACCEPT
COMMIT
# Completed on Sat Jun 9 23:05:22 2012
- [2] Edit /etc/network/if-post-down.d/iptables-save
--- old 2012-06-07 19:16:42.000000000 +0200
+++ new 2012-06-07 19:17:09.000000000 +0200
@@ -0,0 +1,3 @@
+#!/bin/sh
+iptables-save -c > /etc/iptables.rules
+exit 0
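Review bot: The redirect in `iptables-save -c > /etc/iptables.rules` truncates the rules file before iptables-save has written anything, and the unconditional `exit 0` hides a failure, so a failed or interrupted save leaves an empty or partial file for the pre-up hook to load the next time the interface starts. Writing to a temporary file and renaming only on success keeps the last good ruleset: `iptables-save -c > /etc/iptables.rules.new && mv /etc/iptables.rules.new /etc/iptables.rules`. A `umask 077` before the save would also keep the stored ruleset from being world-readable. Because the hook overwrites the file with whatever is live at that moment, a comment such as `# overwrites /etc/iptables.rules with the running ruleset; hand edits are lost` would warn the next administrator.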
- [3] Edit /etc/network/if-pre-up.d/iptables-load
--- old 2012-06-07 19:18:26.000000000 +0200
+++ new 2012-06-07 19:18:58.000000000 +0200
@@ -0,0 +1,3 @@
+#!/bin/sh
+iptables-restore < /etc/iptables.rules
+exit 0
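Review bot: A failed `iptables-restore < /etc/iptables.rules` goes unnoticed because the script ends with an unconditional `exit 0`, so the interface comes up with whatever ruleset the kernel already holds; at boot that would normally be empty chains with ACCEPT policies. At minimum record the failure, for example `iptables-restore < /etc/iptables.rules || logger -t iptables-load "restore failed"`. Returning non-zero instead would, under ifupdown, stop the interface from coming up, which fails closed but can cut off remote access, so that choice should be deliberate and documented in a comment. The file is written with `iptables-save -c`, so `-c` is needed here if the saved counters are meant to be restored. Only the IPv4 ruleset is loaded; an IPv6-connected host needs a matching ip6tables-restore.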