You are not logged in.
- Topics: Active | Unanswered
#1 2014-02-24 19:23:55
- pgoetz
- Member
- From: Austin, Texas
- Registered: 2014-02-21
- Posts: 355
[SOLVED] What is the best way to load iptables/nftables on boot?
Hi -
New arch user migrating from Ubuntu/debian. I'm used to loading netfilter iptable rules using an /etc/network/interfaces file. What is the best way to do this using netctl/systemd?
An RTFM of the wiki and a Google search didn't provide an answer, but maybe I'm just looking in the wrong places.
Last edited by pgoetz (2014-06-21 08:32:01)
Offline
#2 2014-02-24 19:35:10
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
It's in the iptables wiki page, although it doesn't explicitly say "this is how to run iptables on boot":
# systemctl enable iptablesFeel free to clarify the wiki page if you think it necessary.
Offline
#3 2014-02-24 19:58:33
- pgoetz
- Member
- From: Austin, Texas
- Registered: 2014-02-21
- Posts: 355
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
Ah, OK -- got it. I can just blindly enable the iptables.service, and systemd will make sure the interfaces are up before running the service. How cool. I'm still getting used to the luxury of not having to worry about stuff like this myself. The only minor issue is it looks like I'll have to get the systemd nftables service out of AUR.
Last edited by pgoetz (2014-02-24 19:58:53)
Offline
#4 2014-02-24 20:05:17
- Spider.007
- Member
- Registered: 2004-06-20
- Posts: 1,175
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
When enabling iptables using the systemd service; take care that it will be activated before the network is up. This means using hostnames in your fw rules doesn't work as no dns-server will be reachable
Offline
#5 2014-02-24 20:19:48
- pgoetz
- Member
- From: Austin, Texas
- Registered: 2014-02-21
- Posts: 355
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
Thanks for the tip. It would seem to me that using hostnames in nf/iptables rules is a terrible idea under any circumstances. OTOH, iptables is probably one of the best arguments for using persistent network interface names, as I don't know of any way of getting around using these.
Offline
#6 2014-03-03 19:54:42
- Strike0
- Member
- From: Germany
- Registered: 2011-09-05
- Posts: 1,489
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
The one systemd assigned is persistent. I'm not sure whether your last sentence was a question, if it was: https://wiki.archlinux.org/index.php/Co … vice_names
If it was not, please prepend [solved ] to your thread title by editing your first post.
Offline
#7 2014-03-06 19:10:46
- pgoetz
- Member
- From: Austin, Texas
- Registered: 2014-02-21
- Posts: 355
Re: [SOLVED] What is the best way to load iptables/nftables on boot?
I really should have split this into 2 questions. The "using iptables with netctl/systemd" question is solved, but what I'm really interested in is converting my firewall rules to nftables (particularly for this installation). I will mark this as SOLVED and will ask a more specific question if enabling nftables isn't clear from the iptables case. Thanks.
Offline