I.T. Security and Linux Administration

Aug 8 2011   12:07PM GMT

[Script] iptables Helper

Eric Hansen

After messing around with the elusive iptables firewall for a few (very, very long) days, I’ve written a couple of functions that help me when it comes to saving and reloading the rules. Keep in mind, this uses a default path (see /etc/conf.d/iptables to find out where your rules should be stored), so you might have to edit it a little. Let’s begin!

The first one is reloading the rules. At first I didn’t understand why iptables-restore would just hang there when I ran it (silly me for not checking the man pages first, right? ;) ). It reads the ruleset from standard input, so without the redirection it simply waits; with it, it loads the rules file in and goes about its way. I’m sure there’s a way to source the /etc/conf.d/iptables file into your .bashrc file (which is where I keep these functions, as I alias them to the normal programs), but I felt like doing this the long way.

function reload_iptables () {
    RULES="/etc/iptables/iptables.rules"
    if [ -e "$RULES" ]; then
        echo -n "Restoring iptables rules from $RULES..."
        # iptables-restore reads the ruleset from standard input
        iptables-restore < "$RULES"
        echo "done."
    fi
}

Now, for saving. This one’s a little bit trickier, and here’s why. Whenever I run iptables-save > /etc/iptables/iptables.rules, after about 5 or so times (I like to save my rules after I know something works) I’ll get errors saying that there are too many open files for the rules file. Normally you’d just run lsof and such to find out where these are, but I tried running lsof on iptables, and without iptables, doing greps, doing the same thing with ps aux…it just was not working for me. I even increased the /proc/sys/fs/file-max value to some huge amount, and it still caused problems. What this means is basically that I’d have to restart my server to fix the issue, and I couldn’t find any answer via Goog…I mean, my trusty memory and books. What I did find out, though, is that if you save the rules to a different file and then basically overwrite the old one, it works without issues! Which is good, since I spent about 5 hours last night trying to get all my different systems to work properly…

function save_iptables () {
    RULES="/etc/iptables/iptables.rules"
    echo "Checking for existing $RULES file..."
    if [ -e "$RULES" ]; then
        echo "Found rules file, deleting."
        rm -f "$RULES"
    fi
    echo -n "Saving rules to $RULES.new..."
    # Bail out if the dump fails rather than moving an empty file into place
    # (note the old file is already gone at this point)
    /usr/sbin/iptables-save > "$RULES.new" || return 1
    echo "done."
    echo -n "Moving $RULES.new to $RULES..."
    mv "$RULES.new" "$RULES"
    echo "done."
    if [ -e "$RULES" ]; then
        # This is just an error check...you don't NEED this
        echo "iptables rules saved."
    fi
}

What I did after was just create aliases in my .bashrc file for iptables-save & iptables-restore, and then run source .bashrc. I’ve also thought about doing a little write-up on using iptables; even though there are already a lot of guides out there, a lot of them are far more technical than they need to be. So I think I will, at least to write about how I set up my proxy and HTTP setup, since they don’t listen on the standard ports and a little more workaround is needed.
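As an added example (not the post’s own functions), here is a variant of the same save/reload pair that writes the dump to a temporary file, checks that it parses with iptables-restore --test, and only then renames it over the old rules file, so a failed save never leaves you without a rules file; it also keeps the file root-only, since a ruleset describes your network layout. The IPTABLES_SAVE and IPTABLES_RESTORE variables are assumed override hooks for testing, not part of iptables.

```shell
#!/bin/sh
# Safer iptables save/reload helpers (added example, not from the post).
# RULES defaults to the path used in the post; IPTABLES_SAVE/IPTABLES_RESTORE
# are assumed hooks so the commands can be swapped for stubs in a test.
RULES="${RULES:-/etc/iptables/iptables.rules}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# Dump the live ruleset to a temp file beside $RULES, verify that the dump
# parses, then rename it over the old file. The old rules are replaced only
# after the new file is complete and valid. Returns non-zero on any failure.
save_iptables() {
    rules="${1:-$RULES}"
    tmp="$rules.new.$$"
    # umask 077: the rules file should be readable by root only
    ( umask 077; "$IPTABLES_SAVE" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    # --test parses the file without committing anything to the kernel
    if ! "$IPTABLES_RESTORE" --test < "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$rules"
}

# Reload from $RULES, refusing to load a file that fails the parse test.
reload_iptables() {
    rules="${1:-$RULES}"
    [ -r "$rules" ] || return 1
    "$IPTABLES_RESTORE" --test < "$rules" || return 2
    "$IPTABLES_RESTORE" < "$rules"
}
```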
