Install iptables as a service
To add iptables as a service, you have to:
- Generate an iptables script in /etc/init.d/iptables
- Configure it as a service
Iptables script
Here is an example. This script only allows ssh, http, https and already established connections in; it drops everything else.
#!/bin/sh
# /etc/init.d/iptables: minimal INPUT policy (ssh, http, https and replies to
# established connections are accepted; everything else is dropped).
IPTABLES=/sbin/iptables

case "$1" in
  start)
    printf "Starting IPTABLES... "
    # Clear old rules: flush the chains first, then delete the (now empty)
    # user-defined chains, then zero the counters
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z
    # Replies to connections this host opened, and related traffic
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services reachable from outside
    $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
    # Drop everything else; this must stay the last INPUT rule
    $IPTABLES -A INPUT -j DROP
    echo "done."
    ;;
  stop)
    printf "Stopping IPTABLES... "
    # Flush all rules; the default policy (ACCEPT) is left as it is
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z
    echo "done."
    ;;
  restart)
    printf "Restarting IPTABLES... "
    $0 stop > /dev/null
    sleep 1
    $0 start > /dev/null
    echo "done."
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
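The same policy as an iptables-restore ruleset, added here as an example and not the original script: iptables-restore commits the whole table at once, which removes the window in the start) branch above where INPUT has already been flushed but the final DROP rule is not yet in place, and a pre-flight check refuses to load a ruleset that has no ssh ACCEPT. The loopback rule and the DROP chain policy (instead of a trailing DROP rule) are additions to the page's policy; /sbin/iptables-restore with its --test option is assumed to be installed.

```shell
# Added example, not the original /etc/init.d/iptables script.
# Assumptions: iptables-restore at /sbin/iptables-restore; the loopback
# ACCEPT rule is an addition to the original policy (local services need it).

IPTABLES_RESTORE=/sbin/iptables-restore

# Print the ruleset. A DROP policy on INPUT means nothing is accepted unless
# a rule says so, and iptables-restore aborts the whole load if any line is
# rejected, so the table is never left half-built. FORWARD/OUTPUT stay ACCEPT.
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Pre-flight check: refuse a ruleset that would lock out an admin working
# over ssh (no ssh ACCEPT) or that cannot load (no COMMIT). 0 when safe.
check_ruleset() {
    rules=$(ruleset)
    echo "$rules" | grep -q '^:INPUT DROP' || return 1
    echo "$rules" | grep -q -- '-p tcp --dport 22 -j ACCEPT' || return 1
    echo "$rules" | grep -q '^COMMIT$' || return 1
    return 0
}

# Load atomically: --test parses the ruleset without committing it, so a
# syntax error is caught before the live table is touched.
apply_ruleset() {
    check_ruleset || { echo "refusing to load unsafe ruleset" >&2; return 1; }
    ruleset | "$IPTABLES_RESTORE" --test && ruleset | "$IPTABLES_RESTORE"
}

# Equivalent of the original "stop": reopen the policy, then flush.
# Order matters: flushing first while the policy is DROP cuts all traffic.
disable_ruleset() {
    for chain in INPUT FORWARD OUTPUT; do /sbin/iptables -P "$chain" ACCEPT; done
    /sbin/iptables -F && /sbin/iptables -X
}
```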
Configuring the service
I think we can put iptables in each init level, but I have decided to start this service after the network service, that is, at level 1. To do that, simply write:
sudo update-rc.d iptables start 99 1 .
Okay, how does this work:
- iptables: the name of the script in /etc/init.d
- start: we want the service started at this level
- 99: the sequence number of the service. Within an init level, services are started in order of this number, so with 99 iptables is run as the last service.
- 1: the init level
You should get the message:
Adding system startup for /etc/init.d/iptables ...
/etc/rc1.d/S99iptables -> ../init.d/iptables