At present I use the script generated by iptables-save to be loaded at boot up. This are the [partial] contents of /etc/iptables.rules:
# Generated by iptables-save v1.4.4 on Sat Mar 19 15:35:11 2011
*nat
:PREROUTING ACCEPT [218073:19652132]
:POSTROUTING ACCEPT [75792:5067692]
:OUTPUT ACCEPT [68177:4555584]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Sat Mar 19 15:35:11 2011
And I have this line in the etc/network/interfaces under the interface that should be firewalled:
pre-up iptables-restore < /etc/iptables.rules
This system has become tedious for me as I have to change the rules frequently, and whenever I change the rules I need to generate another iptables.rules file and do a system boot up to see if the the rules get applied or not. Can it be done as like conf files which load at whenever service firewall restart is done. And within the main iptables conf file another iptables rules file can be linked which can be made editable by users who have less privileges. I want iptables rules to be written directly in a text file which gets loaded at boot-up or when service firewall restart is done.
Best Answer
I presume you are on a DEBIAN based system, because RH/Centos distros are coming with init script included.
For Ubuntu install iptables-persistent
and should be enough.
For Debian you can get the script from where: http://www.ubuntucy.org/wiki/index.php/A_persistent_iptables_startup_script_for_Debian_based_systems
To add it at boot use update-rc.d. I presume you saved the script on /etc/init.d/iptables, run:
and you are done.
Regards