Implement persistence of iptables on reboot
Use the iptables-persistent package to implement persistence of iptables during a reboot for Ubuntu and Debian. Entries are saved to /etc/iptables/rules* on add-rule. These entries are restored on reboot. ( Note in later versions iptables-persistent is replaced by netfilter-persistent with plugins in iptables-persistent) Change-Id: I44b625111d5db34a444c5aa4f6e31c6009c8a6f5
This commit is contained in:
Therese McHale
parent
355cce77f9
commit
5815b45ed0
|
|
@ -17,28 +17,30 @@ RULE="$@"
|
|||
|
||||
DISTRO=`lsb_release -si` || true
|
||||
|
||||
IPT_FILE=
|
||||
|
||||
if [[ "RedHatEnterpriseServer CentOS Fedora" =~ "$DISTRO" ]]; then
|
||||
|
||||
IPT_FILE=
|
||||
# Check if the iptables service is active
|
||||
if systemctl is-active iptables.service ; then
|
||||
IPT_FILE=/etc/sysconfig/iptables
|
||||
fi
|
||||
if [ -f "$IPT_FILE" ]; then
|
||||
|
||||
iptables-restore < $IPT_FILE
|
||||
fi
|
||||
|
||||
if [ -n "$IPT_FILE" ]; then
|
||||
|
||||
iptables -C $RULE || iptables -I $RULE
|
||||
|
||||
iptables-save > $IPT_FILE
|
||||
fi
|
||||
|
||||
elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
|
||||
|
||||
IPT_FILE=/etc/iptables/iptables
|
||||
fi
|
||||
|
||||
if [ -f "$IPT_FILE" ]; then
|
||||
|
||||
iptables-restore < $IPT_FILE
|
||||
fi
|
||||
|
||||
if [ -n "$IPT_FILE" ]; then
|
||||
service iptables-persistent reload
|
||||
|
||||
iptables -C $RULE || iptables -I $RULE
|
||||
|
||||
iptables-save > $IPT_FILE
|
||||
service iptables-persistent save
|
||||
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -7,5 +7,7 @@ install-packages iptables
|
|||
DISTRO=`lsb_release -si` || true
|
||||
|
||||
if [[ "Debian Ubuntu" =~ $DISTRO ]]; then
|
||||
mkdir -p /etc/iptables
|
||||
# Note in later versions will
|
||||
# need netfilter-persistent package
|
||||
install-packages iptables-persistent
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue