How To Create IPTables Startup Script For Ubuntu/Debian
Written by Christian Foronda   
Thursday, 19 May 2011 16:15

Create directory:

# mkdir /etc/iptables

Create configuration file:

# vi /etc/iptables/iptables.conf

# Should new rules added manually from the command line be saved on reboot? Assign a value other than 0 if you want this enabled.
SAVE_NEW_RULES=0

# Modules to load:
MODULES="nf_nat_ftp nf_conntrack_ftp nf_nat_irc nf_conntrack_irc"

# Enable Routing?
ENABLE_ROUTING=1

SAVE_NEW_RULES - controls whether the rules currently loaded in the kernel are saved to /etc/iptables/rules when you run /etc/init.d/iptables stop (any value other than 0 enables this).
MODULES - the kernel modules to load when you run /etc/init.d/iptables start (they are unloaded again on stop).
ENABLE_ROUTING - defines whether routing (forwarding) between the interfaces of the system is enabled.

Create startup script:

# vi /etc/init.d/iptables

#!/bin/bash
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    mountkernfs $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Set up iptables rules
### END INIT INFO

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Include config file
. /etc/iptables/iptables.conf

case "$1" in

start)
    # The lock file marks the rules as loaded, so a second start is refused
    if [ -e /var/run/iptables ]; then
        echo "iptables is already started!"
        exit 1
    else
        touch /var/run/iptables
    fi

    if [ "$ENABLE_ROUTING" -ne 0 ]; then
        # Enable Routing
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi

    # Load Modules ($MODULES is intentionally unquoted so it splits into one name per module)
    modprobe -a $MODULES

    # Load saved rules
    if [ -f /etc/iptables/rules ]; then
        iptables-restore </etc/iptables/rules
    fi
    ;;

stop|force-stop)
    if [ ! -e /var/run/iptables ]; then
        echo "iptables is already stopped!"
        exit 1
    else
        rm /var/run/iptables
    fi

    if [ "$SAVE_NEW_RULES" -ne 0 ]; then
        # Backup old rules (only if a saved set exists yet)
        if [ -f /etc/iptables/rules ]; then
            cp /etc/iptables/rules /etc/iptables/rules.bak
        fi
        # Save new rules
        iptables-save >/etc/iptables/rules
    fi

    # Restore Default Policies
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    # Flush rules and delete user-defined chains on default tables
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Unload previously loaded modules
    modprobe -r $MODULES

    # Disable Routing if enabled
    if [ "$ENABLE_ROUTING" -ne 0 ]; then
        # Disable Routing
        echo 0 > /proc/sys/net/ipv4/ip_forward
    fi

    ;;

restart|force-reload)
    $0 stop
    $0 start
    ;;

status)
    echo "Filter Rules:"
    echo "--------------"
    iptables -L -v
    echo ""
    echo "NAT Rules:"
    echo "-------------"
    iptables -t nat -L -v
    echo ""
    echo "Mangle Rules:"
    echo "----------------"
    iptables -t mangle -L -v
    ;;
*)
    echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0

Make the script executable:

# chmod +x /etc/init.d/iptables

Add to startup:

# update-rc.d iptables defaults

Save your existing rules:

# touch /etc/iptables/rules
# iptables-save > /etc/iptables/rules

Use the script to start/stop/restart iptables:

# /etc/init.d/iptables
Usage: iptables {start|stop|force-stop|restart|force-reload|status}
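
A pre-flight check worth running before the start) branch hands the saved file to iptables-restore: a truncated or hand-edited dump that fails half-way through leaves the host with neither the old nor the intended policy. This is an added example, not part of the original post or the script above; check_rules_file, write_sample_rules and the default-deny ruleset are constructed names and content.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a saved
# iptables-save dump before handing it to iptables-restore.

# check_rules_file FILE: return 0 if the dump has at least one "*table"
# block, every block is closed by COMMIT, and every :chain/-A line sits
# inside a block; otherwise report the first problem on stderr and return 1.
check_rules_file() {
    local file="$1" table="" n=0 line
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*|'') ;;                         # comment or blank line
            '*'*)                               # "*filter", "*nat", ...
                if [ -n "$table" ]; then
                    echo "table $table not committed before ${line#\*}" >&2
                    return 1
                fi
                table="${line#\*}" ;;
            COMMIT)
                [ -n "$table" ] || { echo "COMMIT outside a table" >&2; return 1; }
                table=""; n=$((n + 1)) ;;
            ':'*|'-'*)                          # chain policy or rule line
                [ -n "$table" ] || { echo "rule outside a table: $line" >&2; return 1; } ;;
            *)  echo "unexpected line: $line" >&2; return 1 ;;
        esac
    done < "$file"
    [ -z "$table" ] || { echo "table $table missing COMMIT" >&2; return 1; }
    [ "$n" -gt 0 ] || { echo "no tables found in $file" >&2; return 1; }
}

# write_sample_rules FILE: constructed default-deny ruleset in the format
# iptables-save produces (sample input for the check, not a real saved file).
write_sample_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: ./check-rules.sh /etc/iptables/rules
if [ $# -gt 0 ]; then check_rules_file "$1"; fi
```

In the init script this becomes a guard in the start) branch, of the form check_rules_file /etc/iptables/rules && iptables-restore </etc/iptables/rules, so a damaged dump is reported instead of partially applied.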


http://www.ubuntucy.org/wiki/index.php/A_persistent_iptables_startup_script_for_Debian_based_systems




Last Updated on Monday, 18 July 2011 17:11