Thanks everyone for your help! I started with Jeff's suggestion, below, which seems to work fine. I don't actually boot very often, usually just hibernating. But after modifying /etc/network/interfaces, shutting down and rebooting, my iptables are intact, so that's a start.
Cheers,

Tyler

"Jeff Soules" <[EMAIL PROTECTED]> writes:

>> go in /etc/init.d/? What do I need to do with this file to get it to run
>> every time I boot? The actual content is copied below.
>
> Actually, the easiest way to make sure the firewall rules are always
> on is to add this to your /etc/network/interfaces :
> # Bring up firewall
> pre-up iptables-restore < /etc/iptables.rules
>
> # And save fw state on shutdown
> post-down iptables-save -c > /etc/iptables.rules
>
>
> On Fri, Oct 10, 2008 at 10:04 AM, tyler <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> I'm trying to learn how to firewall my laptop. I think I've got an
>> appropriate, simple iptables script, but I can't figure out where to put
>> it. Google provides lots of conflicting advice. I think it's supposed to
>> go in /etc/init.d/? What do I need to do with this file to get it to run
>> every time I boot? The actual content is copied below.
>>
>> Thanks,
>>
>> Tyler
>>
>> ######################### start ###########################
>> #### Clear the iptables ####
>> iptables -F
>> iptables -X
>> iptables -Z
>> iptables -t nat -F
>> iptables -t nat -X
>> iptables -t nat -Z
>> iptables -t mangle -F
>> iptables -t mangle -X
>> iptables -t mangle -Z
>>
>> #### Set default policy to drop all inbound and forwarded
>> #### packets, accept all outbound
>> iptables -P INPUT DROP
>> iptables -P FORWARD DROP
>> iptables -P OUTPUT ACCEPT
>>
>> #### Allow input from established connections ####
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>> #### Allow input from localhost ####
>> iptables -A INPUT -i lo -j ACCEPT
>>
>> #### Allow icmp error messages ####
>> #### (3 = destination unreachable, 11 = time exceeded, 12 = parameter problem)
>> iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
>> iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
>> iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT
>>
>> #### REJECT ident requests ####
>> iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
>>
>> ############################# end #################################
>
>
-- 
Breaking a digital lock to access your own property will be illegal under Bill C-61. http://www.michaelgeist.ca/content/view/3046/125/
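As an added example that is not part of the thread: Jeff's pre-up/post-down stanza only works if /etc/iptables.rules is in the format iptables-restore reads, which is not a shell script but the table/policy/rule listing iptables-save emits. The script below (my own code, not Tyler's or Jeff's) renders Tyler's ruleset in that format, generates the interfaces stanza for a given interface, and adds two small checks that run without root or netfilter. The rules path /etc/iptables.rules comes from Jeff's stanza; the interface name eth0, the DHCP iface line and the --test syntax check (available on current iptables-restore, not necessarily the 2008 version) are assumptions.

```shell
#!/bin/sh
# Added example: write Tyler's policy in iptables-save format so that
# "pre-up iptables-restore < /etc/iptables.rules" can load it.
# RULES_FILE defaults to the path used in Jeff's stanza (assumption: same path).
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Same rules as Tyler's script, in iptables-restore syntax: one "*table ...
# COMMIT" block per table, ":CHAIN POLICY [pkts:bytes]" lines for the
# default policies, then the -A lines in order. Only the filter table is
# touched, which matches the script (nat and mangle were only flushed).
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -j ACCEPT
-A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# The /etc/network/interfaces stanza from Jeff's reply for one interface.
# Assumption: the interface is configured with DHCP; adjust the iface line.
interfaces_stanza() {
    iface="$1"
    cat <<EOF
auto $iface
iface $iface inet dhcp
    # Bring up firewall
    pre-up iptables-restore < $RULES_FILE
    # And save fw state on shutdown
    post-down iptables-save -c > $RULES_FILE
EOF
}

# Number of INPUT rules recorded in a rules file (sanity check, no root needed).
count_input_rules() {
    grep -c '^-A INPUT ' "$1"
}

# Default policy recorded for a chain in a rules file, e.g. "DROP".
chain_policy() {
    awk -v chain=":$2" '$1 == chain { print $2; exit }' "$1"
}

# Write the file, syntax-check it when iptables-restore is present
# (--test parses without committing; assumption: a version that has it),
# and print the stanza to paste into /etc/network/interfaces.
install_rules() {
    ruleset > "$RULES_FILE"
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$RULES_FILE" || return 1
    fi
    interfaces_stanza "${1:-eth0}"
}

# Usage: RULES_FILE=/etc/iptables.rules sh firewall.sh install eth0
if [ "${1:-}" = "install" ]; then
    install_rules "${2:-eth0}"
fi
```

One caveat worth knowing with the post-down line: iptables-save writes whatever ruleset is loaded at that moment, so if the rules were flushed or loosened by hand during the session, that weakened state is what gets persisted and restored at the next boot. Keeping the hand-written rules file as the only source (pre-up only, no post-down) avoids that.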