
#1 2013-05-06 08:24:11

Lockheed
Member
Registered: 2010-03-16
Posts: 1,440

iptables configuration won't stick

I followed the wiki and configured the iptables firewall like this:

iptables-restore < /etc/iptables/empty.rules
iptables -N TCP
iptables -N UDP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables -I TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN -j REJECT --reject-with tcp-rst
iptables -D INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -p tcp -m recent --set --name TCP-PORTSCAN -j REJECT --reject-with tcp-rst
iptables -I UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN -j REJECT --reject-with port-unreach
iptables -D INPUT -p udp -j REJECT --reject-with icmp-port-unreach
iptables -A INPUT -p udp -m recent --set --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreach
iptables -A TCP -p tcp --dport 80 -j ACCEPT
iptables -A TCP -p tcp --dport 21 -j ACCEPT
iptables -A UDP -p udp --dport 53 -j ACCEPT
iptables -A TCP -p tcp --dport 4662 -j ACCEPT
iptables -A UDP -p udp --dport 4665 -j ACCEPT
iptables -A TCP -p tcp --dport 27097 -j ACCEPT
iptables -A UDP -p udp --dport 27097 -j ACCEPT
iptables-save > /etc/iptables/iptables.rules 
iptables -D INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables-save > /etc/iptables/iptables.rules 
iptables=/etc/iptables/iptables.rules

And it works fine until I reboot, at which point all settings are back to default.


Laptop: ThinkPad W500, C2D P9500, 8GB, Radeon RV635 (HD3650), Arch | Server/fw: Zotac AQ01, A4-5000 Kabini, 4GB, Arch/pfSense VM

Offline
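The thread never settles why the saved rules vanish after a reboot, so here is an added check (not code from the original post or from the Arch wiki) that reads an iptables-save file and reports two defects that make iptables-restore abort and leave the default policies in place: a rule that jumps to a chain the file never declares, and a table that is not closed with COMMIT. The sample dumps below are constructed; in practice you would feed it /etc/iptables/iptables.rules.

```python
"""Check an iptables-save dump for defects that make iptables-restore abort."""
import re

# Targets that are not user chains; a jump to any other name must be declared.
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MASQUERADE",
                   "SNAT", "DNAT", "REDIRECT", "MARK"}

def check_dump(text):
    """Return a list of problems; an empty list means the dump looks loadable."""
    table, declared, jumps, committed = None, set(), [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                  # table header, e.g. *filter
            table = line[1:]
        elif line == "COMMIT":                    # closes the current table
            committed.add(table)
        elif line.startswith(":"):                # chain declaration, e.g. :TCP - [0:0]
            declared.add((table, line[1:].split()[0]))
        else:
            m = re.search(r"\s-j\s+(\S+)", line)  # a rule with a jump target
            if m:
                jumps.append((table, n, m.group(1)))
    problems = [f"line {n}: jump to undeclared chain {t} in table {tab}"
                for tab, n, t in jumps
                if t not in BUILTIN_TARGETS and (tab, t) not in declared]
    problems += [f"table {tab} has no COMMIT"
                 for tab in sorted({tab for tab, _ in declared}) if tab not in committed]
    return problems

# Constructed sample: roughly what iptables-save emits for the thread's ruleset (abridged).
GOOD_DUMP = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW -j TCP
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A UDP -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
# Constructed sample: UDP chain never declared and no COMMIT, so restore would fail.
BAD_DUMP = GOOD_DUMP.replace(":UDP - [0:0]\n", "").replace("COMMIT\n", "")
```

Run it as `check_dump(open("/etc/iptables/iptables.rules").read())` after saving; an empty list means the file at least parses the way the restore step at boot expects.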

#2 2013-05-06 08:28:45

illusionist
Member
From: localhost
Registered: 2012-04-03
Posts: 498

Re: iptables configuration won't stick

Is your iptables.service starting at boot?

Last edited by illusionist (2013-05-06 08:28:56)


  Never argue with stupid people, they will drag you down to their level and then beat you with experience. -- Mark Twain
@github

Offline

#3 2013-05-06 08:39:42

Lockheed
Member
Registered: 2010-03-16
Posts: 1,440

Re: iptables configuration won't stick

Yes


Laptop: ThinkPad W500, C2D P9500, 8GB, Radeon RV635 (HD3650), Arch | Server/fw: Zotac AQ01, A4-5000 Kabini, 4GB, Arch/pfSense VM

Offline
