iptables start on boot – Ubuntu/Debian

 

By default Ubuntu/Debian OS wont load iptable on boot.

So to load iptables on boot use follow procedure:

Save iptable conf with iptables-save command:

iptables-save > /etc/iptables.conf

Next, open file with name /etc/network/if-up.d/iptables and add following content:

#!/bin/sh
iptables-restore < /etc/iptables.conf

Change permission file /etc/network/if-up.d/iptables as executable with following command:

chmod +x /etc/network/if-up.d/iptables

Now, iptables will restored on boot.

Whenever you change iptable rules don’t forgot to update iptables.conf file. Use following command to update iptables.conf file:

iptables-save > /etc/iptables.conf

iptables allow port for ip

 

To allow only an ip to access a port use following iptables rule

iptables -I INPUT -p tcp -m tcp -s 192.168.2.20 --dport 8080 -j ACCEPT

Above iptables rule will allow only 192.168.2.20 to access port 8080 and reject all other ip addresses.

Similarly we can give any other ip address and port combination.

iptables allow one ip address

 

To allow one trusted IP address to access all incoming packets add following line in iptables-precursor:

iptables -A INPUT -s 192.168.2.2 -j ACCEPT

where 192.168.2.2 is the IP address I would like to allow, change the IP address as per your requirement.

After adding above line run following commands to get it updated:

$ source iptables-precursor

$ iptables-save > iptables

In above commands I used relative pats for iptables-precursor and iptables.

Load iptables on boot Ubuntu

 

There is no iptables service avilable in Ubuntu like service iptables start and service iptables stop. Because of this we can’t start iptables boot.

There is small hack to start iptables on boot in Ubuntu/Debian. I will be explaining it here.

First write all you iptables rules in your Ubuntu machine.

Then save you need to save iptables rules in a text file with iptables-save command.

$ sudo iptables-save > iptables_rules

Copy or move iptables_rules file in to some directory (H ere I am using /etc/sysconfig/).

Now open /etc/network/interfaces to edit and add following line below iface lo inet loopback,  then save and exit.

pre-up iptables-restore /etc/sysconfig/iptables_rules

Now reboot and test for iptables rules.

To test run sudo iptables -L command, and you should see the rules you added.

-Sany

Remove all iptables rules in Ubuntu

To remove/flush all iptables rules in your Ubuntu server/desktop you need to write small script with following content.

Open a file with name iptables_stop.sh, and add below content to it

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Then run sh iptables_stop.sh from your command line.

To conform the change run iptables -L and output appear like below without any rules.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

-Sany