Getting IPTables to survive a reboot

Posted by ltackmann on Fri 6 Oct 2006 at 10:10

Debian does not provide an initscript for iptables by default. However, this does not mean that it is impossible to get firewall rules to survive a reboot.

Actually the Debian way is logical and works very well. First create some iptables rules and list them:

iptables --list

If the listed rules satisfy your needs, then save them somewhere. I use /etc/firewall.conf but this location is not fixed:

iptables-save > /etc/firewall.conf

Then create a script so ifupdown loads these rules on boot:

echo '#!/bin/sh' > /etc/network/if-up.d/iptables
echo 'iptables-restore < /etc/firewall.conf' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables

Now reboot your machine and pray - the rules should come up exactly like before (use "iptables --list" to verify this).
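
iptables-restore applies a table only when it reaches that table's COMMIT line, so a saved file that was cut short (a full disk or an interrupted iptables-save, for example) leaves the machine without those rules after the reboot. The following check is an added example, not part of the original article: the function names check_ruleset and sample_good and the sample ruleset are constructed for illustration. It verifies that every table section in a saved file is closed and prints the filter table's default policies so they can be reviewed before rebooting.

```shell
#!/bin/sh
# Added example: structural check of an iptables-save dump (constructed data).

# check_ruleset FILE: exit 0 only if every "*table" section is closed by
# COMMIT; prints the default policies of the filter table's built-in chains.
check_ruleset() {
    awk '
        /^#/ || /^[ \t]*$/ { next }             # comments and blank lines
        /^\*/ {                                  # table header, e.g. *filter
            if (cur != "") { print "table " cur " has no COMMIT"; bad = 1 }
            cur = substr($0, 2); tables++; next
        }
        $0 == "COMMIT" {
            if (cur == "") { print "COMMIT outside a table"; bad = 1 }
            cur = ""; next
        }
        cur == "" { print "line outside a table: " $0; bad = 1; next }
        /^:/ && cur == "filter" && $2 != "-" {  # ":INPUT DROP [0:0]"
            print "filter " substr($1, 2) " policy " $2
        }
        END {
            if (cur != "") { print "table " cur " has no COMMIT (truncated?)"; bad = 1 }
            if (tables == 0) { print "no tables found"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_good() {
    cat <<'EOF'
# constructed sample
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d)
sample_good > "$tmp/good.conf"
sample_good | head -n 5 > "$tmp/cut.conf"    # dump cut off before COMMIT
check_ruleset "$tmp/good.conf" && echo "good.conf: OK"
check_ruleset "$tmp/cut.conf" || echo "cut.conf: rejected"
rm -rf "$tmp"
```

Run check_ruleset against /etc/firewall.conf after each iptables-save; a non-zero exit status means the file should be regenerated before the next reboot.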


This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):

This article is copyright 2006 ltackmann - please ask for permission to republish or translate.