Implement persistence of iptables on reboot
Use the iptables-persistent package to implement persistence of iptables during a reboot for Ubuntu and Debian. Entries are saved to /etc/iptables/rules* on add-rule. These entries are restored on reboot. (Note: in later versions iptables-persistent is replaced by netfilter-persistent, with plugins in iptables-persistent.) Change-Id: I44b625111d5db34a444c5aa4f6e31c6009c8a6f5
parent
355cce77f9
commit
5815b45ed0
@ -17,28 +17,30 @@ RULE="$@"
|
|||||||
|
|
||||||
DISTRO=`lsb_release -si` || true
|
DISTRO=`lsb_release -si` || true
|
||||||
|
|
||||||
IPT_FILE=
|
|
||||||
|
|
||||||
if [[ "RedHatEnterpriseServer CentOS Fedora" =~ "$DISTRO" ]]; then
|
if [[ "RedHatEnterpriseServer CentOS Fedora" =~ "$DISTRO" ]]; then
|
||||||
|
IPT_FILE=
|
||||||
# Check if the iptables service is active
|
# Check if the iptables service is active
|
||||||
if systemctl is-active iptables.service ; then
|
if systemctl is-active iptables.service ; then
|
||||||
IPT_FILE=/etc/sysconfig/iptables
|
IPT_FILE=/etc/sysconfig/iptables
|
||||||
fi
|
fi
|
||||||
|
if [ -f "$IPT_FILE" ]; then
|
||||||
elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
|
|
||||||
|
|
||||||
IPT_FILE=/etc/iptables/iptables
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "$IPT_FILE" ]; then
|
|
||||||
|
|
||||||
iptables-restore < $IPT_FILE
|
iptables-restore < $IPT_FILE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$IPT_FILE" ]; then
|
if [ -n "$IPT_FILE" ]; then
|
||||||
|
|
||||||
iptables -C $RULE || iptables -I $RULE
|
iptables -C $RULE || iptables -I $RULE
|
||||||
|
|
||||||
iptables-save > $IPT_FILE
|
iptables-save > $IPT_FILE
|
||||||
|
fi
|
||||||
|
|
||||||
|
elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
|
||||||
|
service iptables-persistent reload
|
||||||
|
|
||||||
|
iptables -C $RULE || iptables -I $RULE
|
||||||
|
|
||||||
|
service iptables-persistent save
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
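Review bot: The new Debian/Ubuntu branch runs `service iptables-persistent reload` and `service iptables-persistent save` without checking either result, although the commit message itself says later releases replace this service with netfilter-persistent. The script header is above this hunk, so whether `set -e` is active cannot be confirmed here. If it is not, a failed save leaves the rule only in the running table, and it disappears at the next reboot with nothing reported. I would make the failure visible, for example `service iptables-persistent save || { echo "could not persist iptables rule" >&2; exit 1; }`, and handle `reload` the same way.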
@ -7,5 +7,7 @@ install-packages iptables
|
|||||||
DISTRO=`lsb_release -si` || true
|
DISTRO=`lsb_release -si` || true
|
||||||
|
|
||||||
if [[ "Debian Ubuntu" =~ $DISTRO ]]; then
|
if [[ "Debian Ubuntu" =~ $DISTRO ]]; then
|
||||||
mkdir -p /etc/iptables
|
# Note in later versions will
|
||||||
|
# need netfilter-persistent package
|
||||||
|
install-packages iptables-persistent
|
||||||
fi
|
fi
|
||||||
|
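Review bot: The test `[[ "Debian Ubuntu" =~ $DISTRO ]]` uses the detected distro as the pattern, so it is a substring match rather than an exact one. Because `lsb_release` is allowed to fail (`|| true`), an empty `DISTRO` is expected to match as well, which would attempt the iptables-persistent install on hosts that are neither Debian nor Ubuntu. An exact match avoids both cases: `case "$DISTRO" in Debian|Ubuntu) install-packages iptables-persistent ;; esac`. The add-rule script in this commit uses the same reversed test for both of its branches, where an empty `DISTRO` would select the RedHat branch and the rule would likely never be added.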