Linux Firewall iptables

20 years 10 months ago #2471 by thorpe
I am just setting up a testbed Linux iptables-based firewall (Red Hat).

I have managed to set up the iptables rules so traffic is blocked apart from the traffic I want.

My problem is how to start iptables on boot.

I currently have an iptables startup file in the /etc/rc.d/init.d location; this also works with chkconfig --level .....

The script does run on boot-up, but my firewall rules are written in this startup script, which seems odd to me.

What is the best way to start iptables, and where should the firewall rules go?

Thanks
20 years 9 months ago #2483 by Chris
Replied by Chris on topic Re: Linux Firewall iptables
Thorpe,

IPTables is a favourite of mine and I've spent countless hours trying to figure them out, and I can tell you I still haven't mastered them!

Concerning starting them up when your machine boots, what I always end up doing is the following:

1) Save my rules in a file, usually called "rules"
2) Place 'rules' in /etc/rc.d/
3) Edit /etc/rc.d/rc.local and create an entry: /etc/rc.d/rules

Of course, I always make sure the 'rules' file starts with #!/bin/sh
and the file itself has the 'x' attribute so it can be executed.

Let us know what solution you implemented!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 9 months ago #2486 by sahirh
Replied by sahirh on topic Re: Linux Firewall iptables
That's how I had the rules start at startup when I played with iptables. I'm not sure if there's a better way.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 9 months ago #2504 by thorpe
Replied by thorpe on topic iptables
I made a slight tweak to your method.

I quite like the OK messages on boot-up and shutdown, so I implemented a SysV-type iptables startup script.

In /etc/rc.d/init.d I created an iptables script.

I used start for modprobe ip_tables.
I used stop for modprobe -r ip_tables.

This way I got the OK messages to appear, and I can use chkconfig to manage the startup of iptables.

I then created a rules file and used rc.local to execute that script.

Everything seems to be working A-OK.

Do you see any problems with this way of starting up iptables? I know there is an issue: if I tell chkconfig not to start iptables on boot, then rc.local will still try and load the rules.

I may put the call to the rules script into the SysV startup script in init.d.
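For readers following this thread, here is an added example of what the "rules" file described in Chris's reply and thorpe's SysV start/stop variant can look like. It is not code posted by anyone in the thread. It assumes iptables lives in /sbin, that SSH is the only inbound service, and that eth0 is the outside interface; the `IPT` variable is a convenience so the script can be dry-run with `IPT=echo` to print the commands instead of applying them. A `start` argument applies the rules and `stop` flushes them, so the same file can be called from rc.local or from an init.d script, which also removes the double-start problem thorpe raises above.

```shell
#!/bin/sh
# /etc/rc.d/rules -- example iptables rule script (added illustration, not from the thread).
# Assumptions: iptables at /sbin/iptables, SSH is the only inbound service, eth0 is outside.
#
# Install:   chmod +x /etc/rc.d/rules
#            echo '/etc/rc.d/rules start' >> /etc/rc.d/rc.local
# Dry run:   IPT=echo sh /etc/rc.d/rules start     # prints the commands, changes nothing

IPT=${IPT:-/sbin/iptables}

# Open the firewall and empty every chain: used for "stop" and for re-running safely.
flush_rules() {
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P FORWARD ACCEPT
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -F
    "$IPT" -X
}

# Build the ruleset from scratch so repeated runs do not stack duplicate rules.
apply_rules() {
    "$IPT" -F
    "$IPT" -X
    # Default deny for inbound and forwarded traffic; outbound is allowed.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # Loopback, and replies to connections this host started.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The one permitted inbound service: SSH arriving on the outside interface.
    "$IPT" -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Rate-limited log of whatever falls through to the DROP policy.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT DROP: "
}

case "${1:-}" in
    start) apply_rules ;;
    stop)  flush_rules ;;
    *)     : ;;   # no argument: only define the functions (so the file can be sourced)
esac
```

Running `/etc/rc.d/rules start` from rc.local matches Chris's approach; an init.d script that calls `/etc/rc.d/rules start` and `/etc/rc.d/rules stop` in its start/stop cases gives thorpe's chkconfig-managed variant without a second copy of the rules.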