Coder Social home page Coder Social logo

evank / iptables-persistent Goto Github PK

View Code? Open in Web Editor NEW

This project forked from zertrin/iptables-persistent

0.0 1.0 0.0 112 KB

An 'init.d' script (aimed at Debian) to make iptables rules persistent over reboots. This one is modified to handle fail2ban's rules reloading and to be compatible with ip6tables for IPv6-enabled servers. Included is an homemade multipurpose config.

Home Page: http://zertrin.org/projects/iptables-persistent/

iptables-persistent's Introduction

iptables-persistent

Based on Debian's iptables-persistent package that loads iptables rules using rules specified at /etc/iptables/rules

This one is modified to properly handle fail2ban's rules reloading when starting/stopping/reloading iptables's rules via iptables-persistent (fail2ban inserts its own rules at the beginning of iptables current ruleset when (re)started). If fail2ban is not installed, iptables-persistent will ignore any action related to file2ban.

For IPv6 enabled servers, ip6tables rules management is properly handled too, by activating the corresponding parameter in the configuration file (see below).

Provided is an example set of rules as quickstart. It is pretty restrictive, forwarding being disabled and only DNS, ping and SSH being allowed inbound by default. You must review it and adapt it to your needs.

Installation

To use:

  • copy the init.d script iptables-persistent to /etc/init.d/ and make it executable

  • copy iptables-persistent.conf to /etc/default/iptables-persistent.conf and edit it to suit your needs

  • copy rules to /etc/iptables/rules and edit it to suit your needs

  • copy ipv6_rules to /etc/iptables/ipv6_rules and edit it to suit your needs (you can copy this file even if you don't activate IPv6 support in the configuration, it will be ignored)

  • make iptables-persistent to be lauched at startup

update-rc.d iptables-persistent defaults

Configuration variables

Edit /etc/default/iptables-persistent.conf to set the following parameters:

  • SAVE_NEW_RULES (default: 0) - if set different than 0 then the current iptables ruleset will be saved with iptables-save when iptables-persistent is stopped (or restarted)

  • MODULES (default: "") - a space-separated list of the modules that iptables-persistent should load/unload. Useful to activate FTP connection tracking for example.

  • IPV6 (default: 0) - if set different than 0 it will additionnaly use ip6tables to handle the loading/unloading of the ruleset stored at /etc/iptables/ipv6_rules

  • ENABLE_ROUTING (default: 0) – if set different than 0 then routing is enabled (in /proc/sys/net/ipv4/ip_forward and /proc/sys/net/ipv6/conf/all/forwarding), otherwise it’s not.

iptables-persistent's People

Contributors

zertrin avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.