How to create persistent iptables rule to allow ssh to a specified address on Ubuntu 12.04?

Posted on 2013-11-04
Last Modified: 2013-11-06
Greetings,

I am working with iptables on Ubuntu 12.04. I would like to configure the iptables rules so that ssh is only allowed from one specific address. When I enter the following, it works:

sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT

With that rule in place I can establish an ssh connection from the specified address.

Now I want to make the rule persistent, so that it still works after a reboot. I add this line to the /etc/rc.local file:

/sbin/iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Then I reboot and it does not work. Can anyone tell me why this does not work and what I must do to make the rule persistent?
Question by:bradber
3 Comments
 
LVL 7

Accepted Solution

by:
dec0mpile earned 1000 total points
ID: 39622260
You need to have a package called iptables-persistent to accomplish this.

AFTER you add the rule that works:
sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Install the package: sudo apt-get install iptables-persistent
Start the service: sudo service iptables-persistent start

And now the iptables will remain intact after reboot.
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 1000 total points
ID: 39622551
During installation of iptables-persistent, you will be prompted whether you want to save the current iptables rules or not.

This package will make Ubuntu’s iptables rules persistent by storing iptables rules in:

/etc/iptables/rules.v4 for IPv4 rules
/etc/iptables/rules.v6 for IPv6 rules

Any of those rules will be reloaded to current iptables rules during restart. You can save your current iptables rules manually by using the following command:

iptables-save > /etc/iptables/rules.v4



or

iptables-save > /etc/iptables/rules.v6


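As an added example (not code from either answer), a small POSIX shell audit of a saved ruleset in the iptables-save format that /etc/iptables/rules.v4 holds: it confirms the ACCEPT rule for the allowed address survived the save, and that SSH from any other address is actually refused, since an ACCEPT rule on its own blocks nothing unless the INPUT policy or a later rule drops the rest. The allowed address 203.0.113.10 and the sample dump are constructed for the example.

```shell
#!/bin/sh
# Audit a saved ruleset (iptables-save format, as written to
# /etc/iptables/rules.v4) and confirm SSH is reachable only from one
# allowed source. Constructed example; ALLOWED_SRC and the sample dump
# below are assumptions, not taken from a real host.

ALLOWED_SRC="203.0.113.10"

# Constructed sample of what iptables-save emits: the ACCEPT rule from
# the thread plus an INPUT policy of DROP so every other SSH source is
# refused. iptables-save writes the port numerically and adds "-m tcp".
make_sample_rules() {
  cat <<'EOF'
# Generated by iptables-save v1.4.12
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# ssh_restricted_to SRC RULESFILE
# Returns 0 when the file both allows SSH from SRC and denies it from
# everyone else; prints the reason and returns 1 otherwise.
ssh_restricted_to() {
  src="$1"; rules="$2"
  # "--dport ssh" is saved as "--dport 22"; the /32 suffix is optional
  # because newer iptables releases omit it for host addresses.
  if ! grep -Eq "^-A INPUT .*-s ${src}(/32)? .*--dport 22 .*-j ACCEPT" "$rules"; then
    echo "no ACCEPT rule for SSH from $src"; return 1
  fi
  # An ACCEPT rule alone blocks nothing: require a DROP chain policy or
  # an explicit DROP/REJECT for port 22.
  if grep -Eq '^:INPUT DROP' "$rules" \
     || grep -Eq '^-A INPUT .*--dport 22 .*-j (DROP|REJECT)' "$rules"; then
    return 0
  fi
  echo "SSH accepted from $src but not denied from other sources"; return 1
}

tmp=$(mktemp)
make_sample_rules > "$tmp"
ssh_restricted_to "$ALLOWED_SRC" "$tmp" && echo "SSH restricted to $ALLOWED_SRC"
rm -f "$tmp"
```

On a live host the same function can be pointed at /etc/iptables/rules.v4, or at a fresh `iptables-save` dump, to confirm the restriction survived a reboot.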
 

Author Closing Comment

by:bradber
ID: 39629007
Thanks to both of you for your helpful comments. I ended up solving the problem by using the same ACCEPT rule that I originally tried, but moving it to the top of the rc.local file.

However, I think the iptables-persistent package looks useful and plan to explore that option in the future. Your help is appreciated!
