because every time there is slight change in firewall rules, all that would have to be done again and again.
Well, that's not really true... you could edit your ruleset and save it to your rule-save-location. That's easy, it works.
But it isn't the only way to do things by any means.
Quote:
Originally Posted by qrange
is there a simpler way?
Oh, yes. But first, you don't want the advantage of the way that you don't like, do you? That is, about the only sensible (?) way of getting the packet counters to survive across reboots is to use the iptables-save and iptables-restore route, so if you want that 'feature', then you might want to reconsider how much you don't like it.
So, then you have the option of using one of the graphical front-ends to generate a ruleset. Now I never managed to find one that I really liked, but YMMV.
Alternatively (and I think that this is the best solution), run a script on start up that generates your ruleset. This implies that you can write a bash script (other shells are available) that generates a set of rules that gives you the firewall that you want.
I don't know what 'packet counters' are, but ok.
I had put the script that starts iptables (output from 'Firewall Builder') into startup, will do it your way if it is so much better.
Packet counters are counters that count packets. You can count the packets that are processed by each chain, and maintain a count that just goes up and up as traffic passes. Most people don't use them, but they can be quite handy in certain circumstances. What would be more difficult would be if you have a box that does get re-booted every so often (in the way that most servers don't, except by accident), and need the counts of packets to carry on accumulating after the re-boot.
It sounds as if you don't need that, but, if you did, you would have to look at iptables-save and iptables-restore for the appropriate options. Documented in the man pages.
Quote:
Originally Posted by qrange
I had put the script that starts iptables (output from 'Firewall Builder') into startup, will do it your way if it is so much better.
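Added example, not part of the thread and not written by any poster: a start-up script of the kind suggested above, which builds the ruleset as iptables-restore text, checks it with `--test`, and loads it in one step; its `save` and `restore` actions pass `-c` so packet counters carry over a reboot. The allowed ports, the default-drop policy and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Ports and policy are assumptions.
ALLOWED_TCP_PORTS="22 80 443"   # constructed sample policy

# Print a filter-table ruleset in iptables-restore format.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOWED_TCP_PORTS; do
        # Reject empty, non-numeric or over-long values before comparing.
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; }; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Validate first, then load the whole table at once. Needs root.
apply_ruleset() {
    rules=$(build_ruleset) || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Keep packet and byte counters across a reboot (-c on both sides).
save_with_counters()    { iptables-save -c > "$1"; }
restore_with_counters() { iptables-restore -c < "$1"; }

# Usage: script apply | save FILE | restore FILE
case "${1:-}" in
    apply)   apply_ruleset ;;
    save)    save_with_counters "${2:?file required}" ;;
    restore) restore_with_counters "${2:?file required}" ;;
esac
```

Changing a rule means editing the script and running it with `apply` again; a ruleset that fails `--test` is never loaded, so the running firewall stays as it was.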