Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to create persistent iptables rule to allow ssh to a specified address on Ubuntu 12.04?

Posted on 2013-11-04
3
843 Views
Last Modified: 2013-11-06
Greetings,

I am working iptables on Ubuntu 12.04. I would like to configure the iptables rules so that ssh is only allowed from one specific address.  When I enter the following, it works:

sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT

With that rule in place I can establish an ssh connectin from the specified address.

Now I want to make the rule persistent, so that it still works after a reboot. I add this line to the /etc/rc.local file:

/sbin/iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Then I reboot and it does not work. Can anyone tell me why this does not work and what  I must do to make the rule persistent?
0
Comment
Question by:bradber
3 Comments
 
LVL 7

Accepted Solution

by:
dec0mpile earned 250 total points
ID: 39622260
You need to have a package called iptables-persistent to accomplish this.

AFTER you add the rule that works:
sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Install the package: sudo apt-get install iptables-persistent
Start the service: sudo service iptables-persistent start

And now the iptables will remain intact after reboot.
0
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 250 total points
ID: 39622551
During installation of the iptables-persistent, you will prompted whether you want to save current iptables rules or not.

This package will make Ubuntu’s iptables rules persistent by storing iptables rules in:

   
/etc/iptables/rules.v4 for IPv4 rules
   
/etc/iptables/rules.v6 for IPv6 rules

Any of those rules will be reloaded to current iptables rules during restart. You can save your current iptables rules manually by using the following command:

iptables-save > /etc/iptables/rules.v4

Open in new window


or

iptables-save > /etc/iptables/rules.v6

Open in new window

0
 

Author Closing Comment

by:bradber
ID: 39629007
Thanks to both of you for your helpful comments. I ended up solving the problem by using the same ACCEPT rule that I originally tried, but moving it to the top of the rc.local file.

However, I think the iptables-persistent package looks useful and plan to explore that option in the future. Your help is appreciated!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Fine Tune your automatic Updates for Ubuntu / Debian
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question