Note that this recipe has not been updated for a long time and may be outdated!

Iptables initialisation script

On Ubuntu distributions, installing the iptables packet-filter management utility does not create an init script. The file therefore has to be created, and its invocation configured, by hand.
  1. Create the init script:

    sudo touch /etc/init.d/iptables
    sudo chmod 755 /etc/init.d/iptables
  2. Open it in an editor:

    sudo gedit /etc/init.d/iptables
  3. Put the following content into the file:

    #!/bin/sh
    # see: http://ubuntuforums.org/showthread.php?t=19106
    # This is a Ubuntu-adapted iptables script from Gentoo
    # (http://www.gentoo.org) which was originally distributed
    # under the terms of the GNU General Public License v2
    # and was Copyrighted 1999-2004 by the Gentoo Foundation
    #
    # This adapted version was intended for an ad-hoc personal
    # situation and as such no warranty is provided.

    # File that iptables-save writes and iptables-restore reads
    IPTABLES_SAVE="/etc/default/iptables-rules"
    # -c: save and restore the packet/byte counters together with the rules
    SAVE_RESTORE_OPTIONS="-c"
    # Save the live ruleset before "stop" flushes it
    SAVE_ON_STOP="yes"

    checkrules() {
      if [ ! -f "${IPTABLES_SAVE}" ]
      then
        echo "Not starting iptables. First create some rules then run"
        echo '"/etc/init.d/iptables save"'
        return 1
      fi
    }

    save() {
      echo "Saving iptables state"
      /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > "${IPTABLES_SAVE}"
    }

    start() {
      checkrules || return 1
      echo "Loading iptables state and starting firewall"
      echo -n "Restoring iptables ruleset"
      # Enable forwarding (if necessary)
      echo 1 > /proc/sys/net/ipv4/ip_forward
      start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}"
    }

    case "$1" in
      save)
        save
        echo "."
        ;;
      start)
        start
        echo "."
        ;;
      stop)
        if [ "${SAVE_ON_STOP}" = "yes" ]; then
          save || exit 1
        fi
        echo -n "Stopping firewall"
        # Flush and delete all chains in every loaded table, then reset the
        # built-in chains to ACCEPT: after "stop" the firewall is wide open
        for a in $(cat /proc/net/ip_tables_names); do
          /sbin/iptables -F -t "$a"
          /sbin/iptables -X -t "$a"

          if [ "$a" = nat ]; then
            /sbin/iptables -t nat -P PREROUTING ACCEPT
            /sbin/iptables -t nat -P POSTROUTING ACCEPT
            /sbin/iptables -t nat -P OUTPUT ACCEPT
          elif [ "$a" = mangle ]; then
            /sbin/iptables -t mangle -P PREROUTING ACCEPT
            /sbin/iptables -t mangle -P INPUT ACCEPT
            /sbin/iptables -t mangle -P FORWARD ACCEPT
            /sbin/iptables -t mangle -P OUTPUT ACCEPT
            /sbin/iptables -t mangle -P POSTROUTING ACCEPT
          elif [ "$a" = filter ]; then
            /sbin/iptables -t filter -P INPUT ACCEPT
            /sbin/iptables -t filter -P FORWARD ACCEPT
            /sbin/iptables -t filter -P OUTPUT ACCEPT
          fi
        done
        start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
        echo "."
        ;;
      restart)
        echo -n "Flushing firewall"
        for a in $(cat /proc/net/ip_tables_names); do
          /sbin/iptables -F -t "$a"
          /sbin/iptables -X -t "$a"
        done
        start
        echo "."
        ;;
      *)
        echo "Usage: /etc/init.d/iptables {start|stop|restart|save}" >&2
        exit 1
        ;;
    esac

    exit 0
  4. Register the init script with the boot sequence:

    sudo update-rc.d iptables start 37 S . stop 37 0 .
  5. Save the current rules:

    /etc/init.d/iptables save
  6. Restart iptables:

    /etc/init.d/iptables restart
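
Before step 6 hands the saved file to iptables-restore (and before every boot does the same through the init script), it is worth checking what step 5 wrote. The lint below is an added example, not part of the original recipe: it reads a dump in the iptables-save -c format the script uses and rejects a file that is truncated or whose filter table defaults to ACCEPT; the function names lint_rules and sample_dump and the two sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original recipe: lint the file that
# "/etc/init.d/iptables start" feeds to iptables-restore. Two checks:
#  1. every "*table" header has its COMMIT; a truncated dump makes
#     iptables-restore fail at boot, so the host comes up with no rules;
#  2. the filter table's INPUT and FORWARD default policies are not
#     ACCEPT, i.e. the saved state is not fail-open.

lint_rules() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    rc=0
    tables=$(grep -c '^\*' "$file" || true)
    commits=$(grep -c '^COMMIT' "$file" || true)
    if [ "$tables" -ne "$commits" ]; then
        echo "WARN: $tables table header(s), $commits COMMIT(s): dump looks truncated" >&2
        rc=1
    fi
    # Policy lines written by iptables-save -c look like ":INPUT DROP [12:3456]".
    awk '
        /^\*/ { table = substr($0, 2) }
        /^:/ && table == "filter" {
            chain = substr($1, 2)
            if ((chain == "INPUT" || chain == "FORWARD") && $2 == "ACCEPT") {
                print "WARN: filter " chain " default policy is ACCEPT" > "/dev/stderr"
                bad = 1
            }
        }
        END { exit bad + 0 }' "$file" || rc=1
    return $rc
}

# Constructed sample dumps in iptables-save -c format (not from a real host).
sample_dump() {  # sample_dump good|bad OUTFILE
    if [ "$1" = good ]; then
        printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
            ':OUTPUT ACCEPT [42:3130]' '[42:3130] -A INPUT -i lo -j ACCEPT' \
            '[0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
            'COMMIT' > "$2"
    else  # nat table committed, filter table truncated and fail-open
        printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
            ':OUTPUT ACCEPT [0:0]' 'COMMIT' '*filter' ':INPUT ACCEPT [0:0]' \
            ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' > "$2"
    fi
}

f=$(mktemp)
sample_dump good "$f"; lint_rules "$f" && echo "good dump: safe to restore"
sample_dump bad "$f";  lint_rules "$f" || echo "bad dump: do not restore"; rm -f "$f"
```

Run it as `lint_rules /etc/default/iptables-rules` after step 5; a non-zero exit means fix the live rules and save again rather than restoring that file.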


Created by Valdis Vītoliņš on 2008-08-09 13:31
Last modified by Valdis Vītoliņš on 2013-09-09 13:48
Creative Commons Attribution 3.0 Unported License