On 08/11/2018 05:29 AM, Hubert Hauser wrote:
> Good afternoon!
> 
> I've a problem with resetting iptables after restarting the system. Here's my
> /usr/local/bin/fwall-rules file:
> 
> Running command fwall-rules after restarting system works. What am I
> doing wrong?
> 
> --
> Best regards,
> Hubert Hauser.
> 

It seems the firewalls before and after are what you want, according to
your script? There are a few minor differences, but those are the rules
that you specify in the script.

If you're talking about the iptables rules disappearing on reboot,
that's just how iptables works. You need to restore the iptables rules
on every reboot.

There are a few ways to do this. The easiest way would be to install the
iptables-persistent package, which will handle restoring
(ip(6)tables-restore /etc/iptables/rules.v{4,6}) at boot time, or you
could follow the instructions here
<https://wiki.debian.org/iptables#Storing_iptables_rules_in_a_file>.

Also, a few notes about your script:

iptables-save dumps out the current iptables rules into a file.
iptables-apply applies the dump, but in your script, since the rules
have already been set in iptables, there is no need to run
iptables-{apply,restore}.

You probably don't need to maintain a separate script. I'd just maintain
/etc/iptables/rules.v{4,6} and have it be restored by iptables-restore.
That way, I can avoid having to maintain a separate script every time I
want to change my firewall rules.

iptables-apply is used to apply some rules file, then wait for user
confirmation. This makes sure that if your rules block you out of your
ssh session or similar, you don't accidentally make the machine
unreachable by you. In your case, since the rules have already been
applied (you added them in the script), iptables-apply will "undo" the
apply to the previous state, which is already problematic. So there is
no point to using iptables-apply here, since the rules are already
inside iptables.
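As an added illustration (not code from the thread), a small POSIX sh check for the rules.v4 file the reply suggests maintaining, meant to run before iptables-restore loads it at boot so a broken dump does not leave the box unreachable over ssh. It assumes the file is in iptables-save format, that INPUT should default to DROP, and that ssh listens on TCP/22; the sample rules are constructed for the example.

```sh
#!/bin/sh
# Added example: sanity-check an iptables-save style dump (what
# iptables-persistent loads from /etc/iptables/rules.v4) before
# iptables-restore reads it. Runs offline: only grep/awk on the text.

# Constructed sample dump: default-deny INPUT, loopback, established
# traffic and new ssh connections on TCP/22 allowed.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
'

# check_rules_file FILE
# Returns 0 when FILE (a) has a *filter table, (b) closes every *table
# block with COMMIT, (c) sets the INPUT policy to DROP and (d) carries an
# explicit ACCEPT for TCP/22 on INPUT. Otherwise prints the failed check
# and returns 1. Assumed policy: this is what "safe to load" means here.
check_rules_file() {
    f="$1"
    grep -q '^\*filter$' "$f" || { echo "missing *filter table"; return 1; }
    # every "*table" must be followed by a COMMIT before the next one
    awk '/^\*/ { if (open) bad = 1; open = 1 }
         /^COMMIT$/ { open = 0 }
         END { exit (bad || open) ? 1 : 0 }' "$f" \
        || { echo "a *table block is not closed by COMMIT"; return 1; }
    grep -q '^:INPUT DROP ' "$f" \
        || { echo "INPUT policy is not DROP"; return 1; }
    grep -Eq '^-A INPUT .*-p tcp .*--dport 22 .*-j ACCEPT' "$f" \
        || { echo "no rule accepting TCP/22 on INPUT"; return 1; }
    return 0
}

# Write the constructed sample to a temp file and check it. The exit
# status can gate a following "iptables-restore < $rules_file".
rules_file=$(mktemp)
printf '%s' "$SAMPLE_RULES" > "$rules_file"
check_rules_file "$rules_file" \
    && echo "ok: $rules_file passes the pre-restore checks"
```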
