[blfs-support] iptables question

Bruce Dubbs bruce.dubbs at gmail.com
Sun Mar 3 09:16:56 PST 2013


lux-integ wrote:
> Greetings
>
> QUESTION:
> Can iptables as per the blfs bootscript be restarted? ( If not so, is a
> reboot always necessary )  or if so how so?

The iptables script in "Setting Up a Network Firewall" clears/flushes 
all rules at the beginning:


# Set a known state
iptables -P INPUT   DROP
iptables -P FORWARD DROP
iptables -P OUTPUT  DROP

# These lines are here in case rules are already in place and the
# script is ever rerun on the fly. We want to remove all rules and
# pre-existing user defined chains before we implement new rules.
iptables -F
iptables -X
iptables -Z

iptables -t nat -F

# Other rules here

The bootscript, /etc/rc.d/init.d/iptables, at start just runs this 
script and (re)sets all rules.  To change rules, just edit 
/etc/rc.d/rc.iptables and run it or run `/etc/rc.d/init.d/iptables 
start` (does the same thing).

The boot script lock and clear arguments clear all rules and do what 
the rule describes: lock down the system so no packets get through or 
clear the system so all packets get through.

   -- Bruce
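
A lint check for the ordering described above, as an added example that is not part of the original post or the BLFS book: it reports rules appended, or user-defined chains created, before the table has been reset with a bare -F / -X. The function name check_rerunnable, the sample scripts and the LOGDROP chain are constructed for illustration.

```shell
# Added example: check that a firewall script resets state before adding rules.
check_rerunnable() {
    awk '
    $1 !~ /(^|\/)iptables$/ { next }      # skip comments, blanks, other commands
    {
        table = "filter"; op = ""; arg = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") { table = $(i + 1); i++ }
            else if (op == "" && $i ~ /^-[PFXANI]$/) {
                op = $i
                if (i < NF && $(i + 1) !~ /^-/) arg = $(i + 1)
            }
        }
        if (op == "-F" && arg == "") flushed[table] = 1         # whole-table flush
        if (op == "-X" && arg == "") chains_deleted[table] = 1  # all user chains gone
        if ((op == "-A" || op == "-I") && !flushed[table]) {
            printf "line %d: rule added to table %s before -F\n", NR, table; bad = 1
        }
        if (op == "-N" && !chains_deleted[table]) {   # -N fails if the chain exists
            printf "line %d: chain %s created before -X\n", NR, arg; bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed samples: "good" follows the ordering quoted in the post,
# "bad" adds rules and a chain without resetting first.
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
iptables -P INPUT   DROP
iptables -P FORWARD DROP
iptables -P OUTPUT  DROP
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -A INPUT -i lo -j ACCEPT
EOF
cat > "$tmp/bad" <<'EOF'
iptables -N LOGDROP
iptables -A INPUT -i lo -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
check_rerunnable "$tmp/good" && echo "good: safe to rerun"
check_rerunnable "$tmp/bad"  || echo "bad: not safe to rerun"
```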


