From: richard hauswald <staenker@rhcs.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: Adding variables to iptables file
Date: Tue, 08 Mar 2005 13:09:45 +0100
Message-ID: <422D9609.9020601@rhcs.de>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAQrQTl2OGOEWpZSe7NzzKncKAAAAQAAAAc3JzitFkUE6dTyLL0qVAQQEAAAAA@bigpond.net.au>
Hello,
I do not know what syntax the iptables restore program uses. But I
know that you should write a shell script containing your iptables
system calls.
OK, a very short example:
(I use this script for disabling my firewall and enabling routing and NAT.)
---------------------------------------------------------------------
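#! /bin/bash
# External (dial-up) interface
ext_int="ppp0"
# Flush all rules in the filter, nat and mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Default policy ACCEPT on every chain: the firewall is disabled
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Masquerade (NAT) traffic leaving through the external interface
iptables -t nat -A POSTROUTING -o "$ext_int" -j MASQUERADE
# Enable IPv4 forwarding (routing)
echo 1 > /proc/sys/net/ipv4/ip_forward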
---------------------------------------------------------------------
After you started this script, you can do an iptables-save and then you
are able to restore your rules.
But I would prefer starting this script instead of using iptables-save
and iptables-restore.
If you have a dial-in account with dynamic IP addresses and a huge
firewall script, I would prefer the use of 3 files:
static.var
dynamic.var
rc.firewall
static.var contains static definitions of your network, for example your
internal IP address, internal interface name, ...
dynamic.var contains dynamically changing information like external IP,
DNS servers, external interface name, ...
rc.firewall contains the following 2 lines:
. /path/to/file/static.var
. /path/to/file/dynamic.var
and your firewall rules.
If you want, I can provide an example of how to get the dynamic information.
Regards
richard hauswald
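
The three-file layout described in the message above, as an added example that is not part of the original post: because ". file" executes the file as shell code, this sketch checks each .var file before sourcing it and only prints the rules instead of applying them. The function names, the variables int_if, int_ip and ext_ip, and all sample values are assumptions constructed for illustration; ext_int is taken from the script in the message.

```shell
#!/bin/sh
# Added example: loader for the static.var / dynamic.var layout (dry run).
# Sourcing a file executes it as shell code, so each file is checked first.

# 0 only if every line is blank, a comment, or NAME="value" where the value
# uses a restricted alphabet (no spaces, $, backticks, ; or quotes).
vars_file_ok() {
    [ -f "$1" ] || return 1
    ! grep -Evq '^([[:space:]]*(#.*)?|[A-Za-z_][A-Za-z0-9_]*="[A-Za-z0-9_.:/,-]*")$' "$1"
}

# Source $1 only if its content passes and group/others cannot write to it.
load_vars() {
    vars_file_ok "$1" || { echo "refusing $1: unexpected content" >&2; return 1; }
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "refusing $1: group/world writable" >&2; return 1; }
    . "$1"
}

# Print (not run) the rules that rc.firewall would apply.
emit_rules() {
    [ -n "$ext_int" ] && [ -n "$int_if" ] || return 1
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$int_if" "$ext_int"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$ext_int"
}

# Constructed sample files (hypothetical names and values).
make_samples() {
    d=$(mktemp -d) || return 1
    printf 'int_if="eth0"\nint_ip="192.168.0.1"\n' > "$d/static.var"
    printf '# written at dial-in\next_int="ppp0"\next_ip="203.0.113.7"\n' > "$d/dynamic.var"
    printf 'ext_int="ppp0"; echo injected\n' > "$d/tampered.var"
    chmod 600 "$d"/*.var
    echo "$d"
}

dir=$(make_samples)
load_vars "$dir/static.var" && load_vars "$dir/dynamic.var" && emit_rules
load_vars "$dir/tampered.var" || echo "tampered.var was not sourced"
rm -rf "$dir"
```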