
I work on Linux and want to add rules to iptables. I want these rules to be immutable (neither changed nor deleted). What should I do? Note that for me the rules that are running and kept in memory are important, not the rules that are stored in the iptables rules file.

I found a way to save the rules in a file and compare them with the rules backup file to detect the changes, but it's not a good way; I think it's too slow and there are ways to bypass this check.

1 Answer


There is no way to do that. root can always change the ruleset, no matter what.

In addition to that, locking individual rules is pointless, since their order and other interference factors are important in consideration of how the whole ruleset works. For example, instead of disabling or changing some rule I can add another rule above it with the same (or wider) match that could do some other action, overriding the old rule and rendering it useless (as if it doesn't exist). You should lock the whole ruleset at once, i.e. the whole firewall configuration, and not individual rules.

The only way to make sure the firewall configuration is immutable is to tightly control who can get root privileges, which you should do anyway.

Nikita Kipriyanov
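The answer's point is that root cannot be prevented from editing the ruleset, and that the unit worth watching is the whole firewall configuration rather than single rules. What a defender can still do is detect drift of the whole ruleset cheaply. The following shell script is an added example, not code from the answer or from the iptables project: it normalizes `iptables-save -c` output (dropping timestamp comments and packet/byte counters, which change without the rules changing), hashes the result, and compares it with a baseline. The function names and the three sample dumps are constructed for the example; on a live host the second file would be the output of `iptables-save -c`.

```shell
#!/bin/sh
# Added example (not from the answer): detect drift of the WHOLE iptables
# ruleset, following the advice to treat the firewall configuration as one unit.
# Assumptions: input is iptables-save text (optionally with -c counters);
# the function names are hypothetical, not an iptables API.

# Remove the parts of an iptables-save dump that change without the rules
# changing: comment lines carrying timestamps, and "[pkts:bytes]" counters
# before a rule or after a chain policy.
normalize_ruleset() {
    grep -v '^#' | sed -e 's/^\[[0-9]*:[0-9]*\] //' -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# SHA-256 of the normalized rules; sha256sum on Linux, shasum elsewhere.
ruleset_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        normalize_ruleset | sha256sum | cut -d' ' -f1
    else
        normalize_ruleset | shasum -a 256 | cut -d' ' -f1
    fi
}

# check_ruleset BASELINE CURRENT: prints "unchanged" (exit 0), or "CHANGED"
# plus a diff of the normalized rules on stderr (exit 1).
check_ruleset() {
    if [ "$(ruleset_digest < "$1")" = "$(ruleset_digest < "$2")" ]; then
        echo "unchanged"
        return 0
    fi
    echo "CHANGED"
    b=$(mktemp) && c=$(mktemp)
    normalize_ruleset < "$1" > "$b"
    normalize_ruleset < "$2" > "$c"
    diff "$b" "$c" >&2 || true
    rm -f "$b" "$c"
    return 1
}

# --- constructed sample dumps (stand-ins for `iptables-save -c` output) ---
WORK=$(mktemp -d)
BASELINE="$WORK/baseline.rules"; SAME="$WORK/same.rules"; DRIFTED="$WORK/drifted.rules"

cat > "$BASELINE" <<'EOF'
# Generated by iptables-save v1.8.7 on Mon Jan  1 10:00:00 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[10:800] -A INPUT -i lo -j ACCEPT
[3:240] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 10:00:00 2024
EOF

# Same rules, later timestamp and different counters: must NOT be reported.
cat > "$SAME" <<'EOF'
# Generated by iptables-save v1.8.7 on Mon Jan  1 11:30:00 2024
*filter
:INPUT DROP [55:4400]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9:720]
[20:1600] -A INPUT -i lo -j ACCEPT
[7:560] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 11:30:00 2024
EOF

# A rule inserted ABOVE the existing ones (the override case the answer
# describes): the old rules are untouched, yet the ruleset's meaning changed.
cat > "$DRIFTED" <<'EOF'
# Generated by iptables-save v1.8.7 on Mon Jan  1 12:00:00 2024
*filter
:INPUT DROP [60:4800]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9:720]
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j DROP
[20:1600] -A INPUT -i lo -j ACCEPT
[7:560] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 12:00:00 2024
EOF

# Stand-alone run; on a live host, replace the second argument with a fresh
# `iptables-save -c` dump and run this from cron or a timer.
check_ruleset "$BASELINE" "$SAME"
check_ruleset "$BASELINE" "$DRIFTED" || echo "ruleset drifted from baseline"
```

Hashing the normalized dump keeps the check cheap enough to run every minute, and comparing the whole dump rather than looking for specific rules is what catches the "rule added above" case the answer warns about. It remains detection only: an attacker with root can also stop the checker, so the baseline and the job that runs it belong on a host or in a log pipeline that the monitored machine cannot rewrite.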