Solved

How to create persistent iptables rule to allow ssh to a specified address on Ubuntu 12.04?

Posted on 2013-11-04
3
830 Views
Last Modified: 2013-11-06
Greetings,

I am working iptables on Ubuntu 12.04. I would like to configure the iptables rules so that ssh is only allowed from one specific address.  When I enter the following, it works:

sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT

With that rule in place I can establish an ssh connectin from the specified address.

Now I want to make the rule persistent, so that it still works after a reboot. I add this line to the /etc/rc.local file:

/sbin/iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Then I reboot and it does not work. Can anyone tell me why this does not work and what  I must do to make the rule persistent?
0
Comment
Question by:bradber
3 Comments
 
LVL 7

Accepted Solution

by:
dec0mpile earned 250 total points
Comment Utility
You need to have a package called iptables-persistent to accomplish this.

AFTER you add the rule that works:
sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Install the package: sudo apt-get install iptables-persistent
Start the service: sudo service iptables-persistent start

And now the iptables will remain intact after reboot.
0
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 250 total points
Comment Utility
During installation of the iptables-persistent, you will prompted whether you want to save current iptables rules or not.

This package will make Ubuntu’s iptables rules persistent by storing iptables rules in:

   
/etc/iptables/rules.v4 for IPv4 rules
   
/etc/iptables/rules.v6 for IPv6 rules

Any of those rules will be reloaded to current iptables rules during restart. You can save your current iptables rules manually by using the following command:

iptables-save > /etc/iptables/rules.v4

Open in new window


or

iptables-save > /etc/iptables/rules.v6

Open in new window

0
 

Author Closing Comment

by:bradber
Comment Utility
Thanks to both of you for your helpful comments. I ended up solving the problem by using the same ACCEPT rule that I originally tried, but moving it to the top of the rc.local file.

However, I think the iptables-persistent package looks useful and plan to explore that option in the future. Your help is appreciated!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now