On Sat, 18 Jul 2020 18:17:38 +0100, Terry Coles wrote:
> Hi,
> 
> It has been suggested that I add an iptables rule into some devices
> and make it persistent by adding the rule to /etc/rc.local.
> 
> I naively thought that iptables rules were persistent, but a quick
> google throws up the idea of using iptables-save/iptables-restore
> but also iptables-persistent.
> 
> Is there a right way?

I wanted to know the answer to this a while ago, and I concluded that 
it doesn't matter enormously. As far as I could tell, it's a bring-
your-own-persistence party and there is no one best way of doing it.

It seems as though iptables-based firewall utilities are as numerous 
as text editors and desktop environments.

Fundamentally, you've just got to make sure that, at some sensible 
moment during start-up, some commands, none in particular, will get 
run that will create the rule for you. iptables-restore is one way to 
do that, which might be helpful; so is iptables-persistent. Or, you 
could just as well run the commands that you originally used to create 
the rule.

My solution was to write an init script that created my iptables 
rules, with the rules I wanted hard-coded into the script in a manner 
that was easily editable. I thought that was a relatively neat way of 
doing it, but it's certainly not the only way. I might not have done 
it that way if I only wanted to load one simple rule.

(For systemd, I suppose you would write a systemd unit instead.)

If you were going to invest a lot of time in writing rules or scripts, 
nftables might be more future-proof than iptables. But for quick, 
simple rules, I wouldn't worry about that too much.

Patrick

-- 
  Next meeting: Online, Jitsi, Tuesday, 2020-08-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
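
An added example, not code from the thread or from Patrick's script, of the start-up script approach described above: rules kept in an editable list and loaded in one step with iptables-restore. The sample rules, the default policies and the `print`/`apply` arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The rules are constructed samples, not rules from the thread.
# Edit this list: one filter-table rule per line, '#' starts a comment.
RULES='
# loopback and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
'

# Print the list in iptables-restore format (what iptables-save emits),
# so the whole set is committed in one step rather than rule by rule.
render_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    while IFS= read -r rule; do
        case "$rule" in
            ''|'#'*) ;;                        # blank line or comment
            '-A '*) printf '%s\n' "$rule" ;;
            *) echo "unexpected line: $rule" >&2; return 1 ;;
        esac
    done <<EOF
$RULES
EOF
    printf 'COMMIT\n'
}

# "print" shows the ruleset; "apply" loads it (root needed). With no
# argument nothing happens, so the file can be sourced safely.
case "${1:-}" in
    print) render_ruleset ;;
    apply)
        ruleset=$(render_ruleset) || exit 1
        # --test parses without committing, so a typo changes nothing.
        printf '%s\n' "$ruleset" | iptables-restore --test || exit 1
        # Without --noflush this replaces the existing filter table.
        printf '%s\n' "$ruleset" | iptables-restore
        ;;
esac
```

Whatever start-up mechanism is in use (rc.local, an init script, a systemd unit) would call the script with `apply`; `print` can be run first as an ordinary user to review what will be loaded.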
