-1

Currently I have a debian install with a shell script which has the following content (as an example):

```sh
# Setup iptables
IPT="/sbin/iptables"

# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
```

I was wondering if, instead of putting these rules in a shell script, I could have them in a file such as iptables.rules instead? This raises two further questions:

  1. Would I need to modify the contents of the script?
  2. Where would I need to link the rules file to?
Jimmy

2 Answers

0

Everything you need to know is here:

http://www.tldp.org/LDP/abs/html/

After you have your init script to your liking, you can install it in /etc/init (varies depending on distro) so your processes will survive a reboot.

EDIT:

iptables is a special case, where once you have your rules to your liking, you can run

```sh
sudo service iptables save
```

and your rules will be saved across reboots.

nandoP
0

I think the answers you are looking for might be here: https://wiki.debian.org/iptables

Basically, the answer is yes. I'm just wondering what you are trying to accomplish. Like nandoP said, you can just use 'iptables save' to save your rules and make them persistent. If you want to save a template rules file to duplicate firewall settings across a few systems, you can use your saved rules file as input for iptables-restore.

Dinger
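Added example, not part of either answer: the question's three default policies written as an iptables-save format rules file, with a pre-flight check before handing the file to iptables-restore. The function names and the default file path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names and the RULES default are assumptions.
RULES="${RULES:-/etc/iptables.up.rules}"

# Write the script's three default policies in iptables-save format.
# The --flush/--delete-chain calls are no longer needed: iptables-restore
# flushes each table named in the file unless --noflush is given.
write_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Offline sanity check (no root needed), useful before copying a template
# to other hosts: every "*table" must be closed by COMMIT, and chain
# policies must be ACCEPT, DROP, or "-" (user-defined chain).
check_rules() {
    awk '
        /^#/ || /^[ \t]*$/ { next }
        /^\*/     { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT/ { if (!open) bad = 1; open = 0; next }
        /^:/      { if (!open || ($2 != "ACCEPT" && $2 != "DROP" && $2 != "-")) bad = 1; next }
        !open     { bad = 1 }
        END       { exit (bad || open || tables == 0) ? 1 : 0 }
    ' "$1"
}

# Parse with the real tool first (--test does not commit the ruleset),
# then load it. Needs root. With INPUT set to DROP and no ACCEPT rules,
# loading this over SSH ends the session.
load_rules() {
    check_rules "$1" && iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Usage (as root): write_rules "$RULES" && load_rules "$RULES"
```

To apply the file at boot, `load_rules` (or a plain `iptables-restore < file`) has to be called from something that runs before the network comes up; which hook that is depends on the distribution.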