How to start iptables rules automatically

Suppose we already have our iptables rules worked out, but no matter how carefully we type them into a terminal, whenever we restart the computer it is as if we had never declared them... that is, every time we restart, the rules or changes we have made in iptables are lost.

To avoid that there are several solutions... here I will tell you about the way I make sure it does not happen 🙂

Knowing which rules to use, we put them in a file (/etc/iptables-script, for example) and give it execute permissions (chmod +x /etc/iptables-script.sh); once that is done, there is only one more step left 😉

As an example I will use the iptables rules that I use on my laptop; I leave them in our paste: Paste No.4411

1. I take those rules and put them in a file called iptables-script, located in /etc/

2. Then I give it execute permissions: chmod +x /etc/iptables-script

3. And now the final step: we must tell the system to run that script at startup, so we put it in the file /etc/rc.local. You can see my rc.local here: Paste No.4412

That's it, nothing else: when you start your PC the rules will apply (provided they are all 100% correct) 😀

And don't worry... a VERY detailed tutorial on iptables is coming (I hope to finish it soon), geared towards newbies, explained in a fun and simple way 🙂

Regards
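The procedure above, as an added example that is not the author's script from Paste No.4411: a hypothetical /etc/iptables-script laid out the way the post describes (variables, flush, default DROP policies, loopback, established connections, then per-network allows). The IPT variable lets a non-root user dry-run it with IPT=echo; the networks and addresses are constructed placeholders.

```shell
#!/bin/sh
# Hypothetical /etc/iptables-script following the structure the post describes.
# Addresses and networks are constructed placeholders, not the author's values.
#
# Install:  chmod +x /etc/iptables-script
# Startup:  add the line  /etc/iptables-script  to /etc/rc.local before its "exit 0"

IPT="${IPT:-iptables}"   # IPT=echo prints the commands instead of applying them

# Variables, so the rules below stay short (constructed sample values).
casa_network="192.168.1.0/24"   # home LAN
geass_casa_lan="192.168.1.10"   # this laptop's wired address at home
geass_casa_wifi="192.168.1.11"  # this laptop's wifi address at home

apply_rules() {
    # Start from a clean table so re-running the script never stacks duplicates.
    "$IPT" -F
    "$IPT" -X
    "$IPT" -t nat -F

    # Default policies first: if a later rule has a typo, the box stays closed
    # rather than open.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    # Loopback is the laptop talking to itself.
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Replies to connections this laptop initiated.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Incoming ping only from the home network to the laptop's own addresses.
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -s "$casa_network" -d "$geass_casa_lan" -j ACCEPT
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -s "$casa_network" -d "$geass_casa_wifi" -j ACCEPT

    # SSH only from the home network; anything not listed falls to the DROP policy.
    "$IPT" -A INPUT -p tcp --dport 22 -s "$casa_network" -j ACCEPT
}

# Apply only when executed under the installed name (as rc.local does). Running
# a copy under another name, or sourcing it, just defines apply_rules for testing.
case "${0##*/}" in
    iptables-script|iptables-script.sh) apply_rules ;;
esac
```

Run `IPT=echo sh -c '. ./iptables-script; apply_rules'` to review the exact commands before installing the file.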



  1.   ezitoc said

    Thank you very much for the info. IPtables is a pending subject that I always stretch for another time. Waiting for the tutorial! In particular, I would like to be able to connect from anywhere to my home computer via ssh, but it is complicated because at home I have a router and the IP that my ISP provides me changes frequently. By no-ip.org I have been able to create a host, the issue is that it seems to me that I have blocked ports (from the Router and I don't know if by IPTables as well). Anyway, as I said before, waiting for the tutor!

    1.    KZKG ^ Gaara said

      Hello and welcome 😀
      About the router I don't know, but it could be yep ... it could be blocked there. Now, on your computer, if you do not use any firewall, it would be enough to install SSH and start it and voila, port 22 open requesting password 🙂

      I am working on the other tutorial, I am really explaining it very didactically and simply haha.
      Greetings and thanks for your comment 😀

  2.   wheezy said

    Another one here waiting for new things about iptables

    1.    KZKG ^ Gaara said

      It's on its way 😀
      Thanks for stopping by and commenting ^ - ^

  3.   faustod said

    Well, this iptables is one of the most fascinating things that I still do not know, but what little I have seen suggests that years ago I should have decided to use GNU/Linux. I like it...

  4.   Oscar said

    Well friend, I am always pending to put into practice the good tutorials that you publish. The Iptables will be waiting for you.

  5.   faustod said

    Brother,

    But is this machine serving as a proxy or is it just to connect to the internet and be protected? There are things that I do not understand.

    1.    KZKG ^ Gaara said

      No, nothing about a proxy; for a proxy you would also need to open the port of that service (3128, for example). Don't worry, I'll put up a tutorial explaining iptables 😀

  6.   Hugo said

    On Debian, one way to make rules load automatically is to install the iptables-persistent package (seemingly little known)

    I started using this variant, but finally I opted to place a script in /etc/network/if-pre-up.d/ to be able to do other more advanced things, like setting restrictive policies as a fallback in case there is a bug in the main rules.

  7.   Claudio said

    Could you explain what you establish in Paste No.4411? I read it but I don't know what it is about heh!

    (In case you have already posted another tutorial excuse the question but I searched for iptables and found a few tutorials)
    And on the other hand, what they mention of the iptables-persistent package serves as a replacement for what you mention?

    For now I am already implementing what you detail in https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/

    1.    KZKG ^ Gaara said

      Hi 😀
      Yes, it's actually not that complicated.

      - First I set variables, in order to save writing some extra characters, this from lines 4 to 18.
      - After 23 to 25 I clean everything that I have written in iptables, which is blank or 100% clean for then I write the rules.
      - In 29 and 30 I establish that by default I will NOT allow any incoming traffic (input) on my laptop, and any traffic that passes through it (forward)
      - In 34 I say that lo (lo = localhost, which is the laptop itself) can use the network.
      - In 38 I specify that the connections that I initiate, if those connections generate packets that will try to enter the computer, as I was the beginning of those packets (since they were generated by something I did) then they will be able to enter.
      - Now from 42 I begin to allow connections of different types or through different ports. That is, in No.42 I allow incoming ping, from my home network (variable casa_network) to the IP that my laptop has at home (variable geass_casa_lan).
      - In 43 the same, but in this case I specify that it is the IP of my laptop at home, yes, but instead of LAN it will be through Wifi.
      - And from then on it is the same type of rules ... allow access to certain ports or services that I have on my laptop, to certain IPs or networks 🙂

      I really recommend you read this: https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/

      If after this you still have doubts with certain rules, please ask me here or through the forum (http://foro.desdelinux.net) and I really clarify what it takes 🙂

      About iptables-persistent I have not actually used it, I could not assure you ... it happens that filtering packets, specifically iptables is a very delicate matter, since a large part of the security of our system depends on this, and for this reason it is that if I am not sure of something, then I do not ensure its correct operation.

      regards

      1.    claudio said

        Thanks for the reply. Yes, I read the link that you gave me! In fact, until I shut down / restart, these are being applied:
        sudo iptables -A INPUT -i lo -j ACCEPT
        sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (plus the previous one mentioned in that post)

        After a couple of readings about firewalls, and since I am forced to keep in touch with and receive files from PCs with M$, it seemed right to implement iptables.
        If I copy the content of Paste No.4411 to my notebook, would I have to change something or would it just work?

        1.    KZKG ^ Gaara said

          Every computer is different, because every user is. You first have to define what services you have on your computer (web, etc.) and know which ones you want to be public (that others can access), and which ones not.

          In my script (which I have to modify already hehe) I define that the web server (HTTP) will be visible for certain IPs, the ping will allow it for everyone in certain networks, etc etc etc.

          If you need help, write to my personal email, I will be happy to help you: kzkggaara[@]desdelinux[.]net

          Or, leave a post in our forum and more users will help you: http://foro.desdelinux.net

          1.    Claudio said

            I'm putting together a topic in the forum, thanks for the answers. And get ready for a few more doubts heh! Anyway I am reading a little of the subject so as not to abuse

  8.   Adriana delmonte said

    testing ... to see if you receive me, I have a lot of questions to ask you ...!

  9.   Seanns said

    Hi bro I wanted to see if there are more tutorials apart from this post that I start in iptables and I want to document myself