Where do you normally place the script that sets the firewall rules?

Posted on 2003-03-14
Medium Priority
Last Modified: 2010-04-22
Is it in rc.local?

And when would you normally use the save and restore rules?
Question by: rfr1tz
Expert Comment

ID: 8137528
I am presuming IPTables?

What flavour of Linux?
LVL 51

Expert Comment

ID: 8137743
I'd make it its own rc-script, called right after the network setup (ifconfig, etc.).
If you like a paranoid setup, then make the routes depend on a successful firewall setup ;-)

save and restore is up to you, I prefer manually.
But you may use save when system goes down (rc-firewall stop), and restore when system boots (rc-firewall start)

Expert Comment

ID: 8138531

You didn't mention which program you used to implement the firewall, and you also didn't mention which OS and version. If you are using ipchains, then save the rules by the following method:

    1. Type the command "service ipchains save".
    2. Make sure that ipchains will start upon booting.
    3. To run ipchains upon booting, issue the command "ntsysv". It is a text-based tool to set the services which we want to run upon booting. Check the "ipchains" option on the screen and press -Ok-, then reboot your machine.

LVL 11

Accepted Solution

kblack05 earned 400 total points
ID: 8139769
You can place firewall scripts anywhere, the default is

init.d or rc is where you call the scripts from on boot time.

Note you might consider downloading and installing gShield.

It's a nice frontend to IP tables, and makes one heck of a hard target.


~K Black
LVL 11

Expert Comment

ID: 8139785
Forgot to mention above, you can use iptables-save and iptables-restore any time.

In fact, I used gShield to build my walls, then later I
exported them with iptables-save >> snapshot.iptables.rules

Then my init.d is simply

/sbin/iptables-restore /path/to/snapshot.iptables.rules


~Kelly W. Black

Expert Comment

ID: 8147931

If it is going to be a script to create all the iptables chains and you're on a Linux/Solaris box, the best place to store the main script is /etc/init.d/. Then add a softlink in the rc level directories you want to run at.

For example, mine is /etc/rc2/S99start_iptables, which takes the "start" option and links to /etc/init.s/start_iptables.
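
An rc-script along the lines the comments above describe (restore the saved rules on start, save them on stop, kept in /etc/init.d and linked from a runlevel directory), given as an added example that is not code from any poster in this thread. The rules path and the function names are assumptions; the save and restore commands can be overridden from the environment.

```shell
#!/bin/sh
# rc-firewall (added example): restore the saved ruleset on "start",
# save the running ruleset on "stop".
# Assumed names, overridable from the environment:
RULES="${RULES:-/etc/firewall/snapshot.iptables.rules}"   # hypothetical path
IPT_SAVE="${IPT_SAVE:-/sbin/iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-/sbin/iptables-restore}"

# Accept the snapshot only if it is non-empty and not writable by group or
# others; whoever can edit this file controls the firewall after a reboot.
rules_file_ok() {
    [ -s "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

firewall_start() {
    if ! rules_file_ok "$RULES"; then
        echo "rc-firewall: refusing to load $RULES" >&2
        return 1
    fi
    # Parse-only pass first, then the real load.
    "$IPT_RESTORE" --test < "$RULES" || return 1
    "$IPT_RESTORE" < "$RULES"
}

firewall_stop() {
    # Save to a temporary file and rename it into place, so a failed save
    # leaves the previous snapshot intact. umask 077 keeps it owner-only.
    tmp="$RULES.new.$$"
    if ( umask 077; "$IPT_SAVE" > "$tmp" ) && [ -s "$tmp" ]; then
        mv -f "$tmp" "$RULES" && return 0
    fi
    rm -f "$tmp"
    return 1
}

rc_firewall() {
    case "$1" in
        start) firewall_start ;;
        stop)  firewall_stop ;;
        *)     echo "usage: rc-firewall {start|stop}" >&2; return 2 ;;
    esac
}

# Non-zero exit lets the calling boot script skip route setup on failure.
if [ $# -gt 0 ]; then rc_firewall "$@"; fi
```
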


Author Comment

ID: 8166012
These are all good answers. I had to pick one. Thanx for all y'all's help. (The only English? word with two ' )
