
How to experiment with firewall


ballsystemlord

Question

Hello, I wanted to set up a firewall. On my previous distro, openSUSE, I used YaST to do it and it was an on/off type deal. With Funtoo it requires that I start the service and test that it's working the way I want it to, and I wanted to know how I could make changes and apply them now, instead of saving them permanently.

If I run /etc/init.d/iptables start (which I think you do to start the firewall), then it needs me to save some rules, and I only wanted to see how those rules affected the firewall, to make certain I know that what I'm doing is the right thing.

This may not be the best way to do this and you can recommend another one; as I said, I've never actually used iptables before.


2 answers to this question


I use iptables and AFAIK that's the way to do it, really on any distro. After all, you can immediately stop and start at will. Manually starting like that will give you immediate feedback if something's wrong, i.e. it will verbally complain and usually just not start.

When testing new statements, just INSERT or APPEND them live, with iptables already running. You'll get instant feedback. After everything works you can do iptables-save to save the current rules in memory. Conversely, you can do iptables-restore to dump any new changes. Yeah, but I dunno, sometimes it doesn't work all that logically; I like to back up the /var/lib/iptables/rules-save file just in case, since I've got a lot of rules. :P Save and restore have messed me up more than once.

The rules are written to /var/lib/iptables/rules-save, so if you are concerned about losing lots of previous work you can easily make copies of that file and put it back after changes. Or you can manually test/back out the changes one by one. After you are happy with it all, rc-update add iptables default will auto-start iptables on boot.

I do know what you mean about the initial "hey, you gotta save some rules first" thing, frankly I forget how I got past that.  I guess you could just create /var/lib/iptables/rules-save with something like this in it:

 -A INPUT -s 192.168.0.0/24 -j ACCEPT

(or whatever your subnet address is) and go from there, just delete that later if you don't want it.  Once you have some rules saved you won't see that again.

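The workflow the answer describes (a minimal rules-save file to get past the "save some rules first" check, then adding rules live and falling back on iptables-save/iptables-restore when a change goes wrong), as an added example that is not from the post. The function names make_rules_save and try_rule are mine; the rules-save path is the one the answer gives, and the IPT* variables exist only so the helpers can be exercised without root.

```sh
#!/bin/sh
# Added example, not from the forum post. Two helpers for experimenting with
# iptables the way the answer describes: a generator for a complete
# /var/lib/iptables/rules-save file, and a live "try it, then roll back"
# wrapper built on iptables-save / iptables-restore.

IPT="${IPT:-iptables}"                  # overridable for dry runs/tests
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# Print a complete iptables-restore file for the filter table. A bare
# "-A INPUT ..." line on its own is not enough: the table header, chain
# policies and the trailing COMMIT are required. Policies stay ACCEPT here
# so this is a harmless placeholder; tighten them once testing is done.
make_rules_save() {
    subnet="$1"
    printf '*filter\n'
    printf ':INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    printf -- '-A INPUT -s %s -j ACCEPT\n' "$subnet"
    printf 'COMMIT\n'
}

# Snapshot the running ruleset, apply one rule live, wait $1 seconds, then
# restore the snapshot unless "<snapshot>.keep" exists. This catches a rule
# that locks you out: if you cannot get back in to confirm, it is undone.
# Returns 0 if kept, 3 if rolled back, 1 on error.
# Usage: try_rule 30 -I INPUT -s 192.168.0.0/24 -j ACCEPT
try_rule() {
    secs="$1"; shift
    snap="$(mktemp)" || return 1
    "$IPT_SAVE" > "$snap" || { rm -f "$snap"; return 1; }
    "$IPT" "$@" || { rm -f "$snap"; return 1; }
    echo "rule applied; touch $snap.keep within ${secs}s to keep it"
    sleep "$secs"
    if [ -e "$snap.keep" ]; then
        rm -f "$snap" "$snap.keep"
        return 0
    fi
    if "$IPT_RESTORE" < "$snap"; then rc=3; else rc=1; fi
    rm -f "$snap"
    return "$rc"
}
```

Write the generator's output to /var/lib/iptables/rules-save once (as root) to satisfy the init script, then use try_rule from a second terminal for each rule you want to test before committing it with iptables-save.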
