iptables na inicialização

**adamolb** · 02-04-2009, 15:01

Olá, quando dou um service iptables restart, dá tudo ok e sobem as regras normalmente, porém quando ativo o iptables no ntsysv e reinicio o PC, fica parado 16 minutos "Applying iptables firewall rules", porém não posso esperar 16 minutos toda vez que reinicar o PC.

Segue script de firewall (/etc/sysconfig/iptables)

# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*mangle
:PREROUTING ACCEPT [272:15737]
:OUTPUT ACCEPT [151:11002]
COMMIT
# Completed on Sun May 25 21:28:47 2003
# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*nat
:PREROUTING ACCEPT [90:5520]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j MASQUERADE
COMMIT
# Completed on Sun May 25 21:28:47 2003
# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*filter
:INPUT DROP [85:5100]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:VPN - [0:0]
-A INPUT -d 200.232.9.5 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -d 200.232.9.5 -p 47 -j ACCEPT
-A INPUT -s 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
-A INPUT -s 200.206.232.200 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 200.168.57.189 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 200.161.31.32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 200.232.9.30 -p udp -m udp --dport 1645 -j ACCEPT
-A INPUT -d 200.232.9.30 -p udp -m udp --dport 1646 -j ACCEPT
-A FORWARD -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j VPN
-A FORWARD -s 10.3.0.0/255.255.0.0 -d 192.168.254.0/255.255.255.0 -j VPN
-A OUTPUT -s 200.232.9.5 -p tcp -m tcp --sport 1723 -j ACCEPT
-A OUTPUT -s 200.232.9.5 -p 47 -j ACCEPT
-A OUTPUT -d 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
-A OUTPUT -d 200.206.232.200 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -d 200.168.57.189 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -d 200.161.31.32 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1645 -j ACCEPT
-A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1646 -j ACCEPT
-A VPN -j DROP
COMMIT
# Completed on Sun May 25 21:28:47 2003

**Lincoln** · 02-04-2009, 16:00

esperimente colocar o script no seu /etc/rc.local
e reinicie a maq.

**adamolb** · 02-04-2009, 16:18

Esse script não da p/ colocar no rc.local, pois da erros:

etc/sysconfig/iptables-config: line 2: *mangle: command not found
/etc/sysconfig/iptables-config: line 3: :PREROUTING: command not found
/etc/sysconfig/iptables-config: line 4: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 5: COMMIT: command not found
/etc/sysconfig/iptables-config: line 8: *nat: command not found
/etc/sysconfig/iptables-config: line 9: :PREROUTING: command not found
/etc/sysconfig/iptables-config: line 10: :POSTROUTING: command not found
/etc/sysconfig/iptables-config: line 11: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 12: -A: command not found
/etc/sysconfig/iptables-config: line 13: COMMIT: command not found
/etc/sysconfig/iptables-config: line 16: *filter: command not found
/etc/sysconfig/iptables-config: line 17: :INPUT: command not found
/etc/sysconfig/iptables-config: line 18: :FORWARD: command not found
/etc/sysconfig/iptables-config: line 19: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 20: :VPN: command not found
/etc/sysconfig/iptables-config: line 21: -A: command not found
/etc/sysconfig/iptables-config: line 22: -A: command not found
/etc/sysconfig/iptables-config: line 23: -A: command not found
/etc/sysconfig/iptables-config: line 24: -A: command not found
/etc/sysconfig/iptables-config: line 25: -A: command not found
/etc/sysconfig/iptables-config: line 26: -A: command not found
/etc/sysconfig/iptables-config: line 27: -A: command not found
/etc/sysconfig/iptables-config: line 28: -A: command not found
/etc/sysconfig/iptables-config: line 29: -A: command not found
/etc/sysconfig/iptables-config: line 30: -A: command not found
/etc/sysconfig/iptables-config: line 31: -A: command not found
/etc/sysconfig/iptables-config: line 32: -A: command not found
/etc/sysconfig/iptables-config: line 33: -A: command not found
/etc/sysconfig/iptables-config: line 34: -A: command not found
/etc/sysconfig/iptables-config: line 35: -A: command not found
/etc/sysconfig/iptables-config: line 36: -A: command not found
/etc/sysconfig/iptables-config: line 37: -A: command not found
/etc/sysconfig/iptables-config: line 38: -A: command not found
/etc/sysconfig/iptables-config: line 39: -A: command not found
/etc/sysconfig/iptables-config: line 40: COMMIT: command not found

**Lincoln** · 02-04-2009, 16:27

crie o arquivo e dentro do rc.local vc aponta esse arquivo...
por exemplo:

/root/scritp/firewall.sh

dentro desse arquivo vc coloca as regras do iptables...

**Lincoln** · 02-04-2009, 16:57

isto acontece por que no inicio dos comando num tem o iptables na frente

vc deve ter dado um "iptables-save >arquivo.sh"
da uma olhadinha no seu arquivo e veja se esta correto amigo

outro adendo...

no inicio do script vc coloca:

#!/bin/bash

e no inicio dos comando vc coloca o iptables na frente e não esquece de dar permissão de execução.

abraço!

**PEdroArthurJEdi** · 03-04-2009, 04:57

Postado originalmente por adamolb

Mesma coisa, quando executo o script da erro, sendo assim nem vou coloca-lo na inicialização

Coloque no inicio do arquivo:

#!/usr/sbin/iptables

troque /usr/sbin/iptables pelo caminho do iptables no seu sistema... Deve funcionar!

Ou você pode colocar no rc.local:

iptables-restore < /etc/sysconfig/iptables

iptables na inicialização

Ferramentas de Tópicos

iptables na inicialização