Solved

How to create persistent iptables rule to allow ssh to a specified address on Ubuntu 12.04?

Posted on 2013-11-04
Last Modified: 2013-11-06
Greetings,

I am working with iptables on Ubuntu 12.04. I would like to configure the iptables rules so that ssh is only allowed from one specific address. When I enter the following, it works:

sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT

With that rule in place I can establish an ssh connection from the specified address.

Now I want to make the rule persistent, so that it still works after a reboot. I add this line to the /etc/rc.local file:

/sbin/iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Then I reboot and it does not work. Can anyone tell me why this does not work and what I must do to make the rule persistent?
0
Question by:bradber
3 Comments
 

Accepted Solution

by:
dec0mpile earned 250 total points
ID: 39622260
You need to have a package called iptables-persistent to accomplish this.

AFTER you add the rule that works:
sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT


Install the package: sudo apt-get install iptables-persistent
Start the service: sudo service iptables-persistent start

And now the iptables will remain intact after reboot.
0
 

Assisted Solution

by:comfortjeanius
comfortjeanius earned 250 total points
ID: 39622551
During installation of iptables-persistent, you will be prompted whether you want to save current iptables rules or not.

This package will make Ubuntu’s iptables rules persistent by storing iptables rules in:

/etc/iptables/rules.v4 for IPv4 rules
/etc/iptables/rules.v6 for IPv6 rules

Any of those rules will be reloaded to current iptables rules during restart. You can save your current iptables rules manually by using the following command:

iptables-save > /etc/iptables/rules.v4



or

ip6tables-save > /etc/iptables/rules.v6


0
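Added example, not part of either answer above: a check that a saved rules file in iptables-save format really carries the SSH restriction, reading the file on stdin. iptables-save writes `--dport ssh` as `--dport 22` and a single source address with a `/32` suffix, so the saved line does not look like the typed command. The function name `check_ssh_rule`, the address 192.0.2.10 (standing in for a.b.c.d) and the sample rules are assumptions constructed for this example; only source-plus-tcp/22 rules and rules with no matchers are evaluated.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (192.0.2.10 is a documentation address).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT'

# check_ssh_rule ADDR   (hypothetical helper; saved rules are read from stdin)
# returns 0: ADDR is accepted on tcp/22 and other sources are dropped
#         1: no effective ACCEPT for ADDR in the saved filter table
#         2: ADDR is accepted, but SSH from other sources is not dropped
check_ssh_rule() {
    awk -v addr="$1" '
        /^\*/ { table = substr($0, 2); next }     # "*filter", "*nat", ...
        table != "filter" { next }
        /^:INPUT / { policy = $2; next }           # e.g. ":INPUT DROP [0:0]"
        !/^-A INPUT / { next }
        {
            src = proto = dport = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            ssh = (proto == "tcp" && dport == "22")
            bare = ($3 == "-j")                     # rule with no matchers
            if (!ssh && !bare) next                 # other rules are not evaluated
            deny = (target == "DROP" || target == "REJECT")
            if (ssh && target == "ACCEPT" && (src == addr || src == addr "/32")) {
                if (!shadowed) allowed = 1          # first match wins in iptables
            } else if (src == "" && target == "ACCEPT") {
                if (!restricted) wide = 1           # SSH accepted from anywhere
            } else if (src == "" && deny) {
                if (!allowed) shadowed = 1          # deny sits above the ACCEPT
                if (!wide) restricted = 1
            }
        }
        END {
            if (!allowed) exit 1
            if (wide || !(restricted || policy == "DROP")) exit 2
            exit 0
        }
    '
}

printf '%s\n' "$SAMPLE_RULES" | check_ssh_rule 192.0.2.10 && echo "SSH restriction is in the saved rules"
```

Against the real file the call is `check_ssh_rule a.b.c.d < /etc/iptables/rules.v4`; a result of 2 means the ACCEPT rule is saved but nothing in the saved rules drops SSH from other addresses.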
 

Author Closing Comment

by:bradber
ID: 39629007
Thanks to both of you for your helpful comments. I ended up solving the problem by using the same ACCEPT rule that I originally tried, but moving it to the top of the rc.local file.

However, I think the iptables-persistent package looks useful and plan to explore that option in the future. Your help is appreciated!
0
