[blfs-support] iptables question
bruce.dubbs at gmail.com
Sun Mar 3 09:16:56 PST 2013
> Can iptables as per the blfs bootscript be restarted? (If not so, is a
> reboot always necessary) or if so how so?
The iptables script in "Setting Up a Network Firewall" clears/flushes
all rules at the beginning:
# Set a known state
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# These lines are here in case rules are already in place and the
# script is ever rerun on the fly. We want to remove all rules and
# pre-existing user defined chains before we implement new rules.
iptables -t nat -F
# Other rules here
The bootscript, /etc/rc.d/init.d/iptables, at start just runs this
script and (re)sets all rules. To change rules, just edit
/etc/rc.d/rc.iptables and run it or run `/etc/rc.d/init.d/iptables
start` (does the same thing).
The boot script's lock and clear arguments clear all rules and do what
the rule describes: lock down the system so no packets get through or
clear the system so all packets get through.