Froxlor Forum

Leapfrog

Everything posted by Leapfrog

  1. Just for the record: Because I already have an existing /etc/iptables/rules.v4 and the package iptables-persistent is installed, opening a few more ports is easy. Example:
     [code]
     # iptables -A INPUT -p udp --dport 10000 -j ACCEPT
     # iptables -A INPUT -p tcp --dport 5349 -j ACCEPT
     [/code]
     (activates both rules)
     [code]
     # netfilter-persistent save
     [/code]
     (saves the running iptables to /etc/iptables/rules.v4, and the new rules then persist across reboots)
     (This command is documented in /usr/share/doc/iptables-persistent/README)
     [code]
     # iptables -nvL
     ...
     0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000
     0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5349
     ...
     [/code]
     (check for success after reboot)
  2. Yes, these saves and restores are done by the script ... /usr/share/netfilter-persistent/plugins.d/15-ip4tables ... from the Debian package iptables-persistent. But this does not explain where the contents of the rules.v4 initially came from (which match the requirements of a froxlor installation so wonderfully). Some intelligent entity must have created those rules - and that hasn't been me 😉
  3. OK, I thought froxlor was responsible for the /etc/iptables/rules.v4, sorry. That froxlor was not is very important information for me, thank you very much! I now have to find out where those existing iptables rules came from. My only candidates at the moment are:
     * the existing rules are a default in the OS Linux image of my hoster?
     * the existing rules were generated during a WordPress installation?
     Anyway, it is good to know that froxlor cannot overwrite those persistent rules. Kind regards
  4. Froxlor (0.10.22-1) is running nicely on my server (Debian 10 Buster). But now I plan to install a service on this public server which needs a few more ports opened in iptables. I am not sure how to create some rules that do not conflict with froxlor. What is the recommended way to install a few persistent rules that do not disturb froxlor? Status: iptables is running and is showing some rules, example:
     [code]
     # iptables -nvL
     ...
     152 7784 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
     513 25024 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
     ...
     [/code]
     I find these active rules persisted in /etc/iptables/rules.v4
     [code]
     # Generated by xtables-save v1.8.2 on Mon Feb 10 20:44:30 2020
     *filter
     ...
     -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
     -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
     ...
     # Completed on Mon Feb 10 20:44:30 2020
     [/code]
     As far as I've seen, these rules are loaded at boot time by systemd's netfilter-persistent.service. Installed Debian packages:
     [code]
     ii iptables 1.8.2-4 amd64 administration tools for packet filtering and NAT
     ii iptables-persistent 1.0.11 all boot-time loader for netfilter rules, iptables plugin
     ii netfilter-persistent 1.0.11 all boot-time loader for netfilter configuration
     [/code]
     Has Froxlor generated the /etc/iptables/rules.v4? How can I add a few more rules to rules.v4? For example, allowing incoming ports 10000/udp and 5349/tcp? Kind regards
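
Added example (not part of the forum posts and not froxlor or Debian code): `iptables -A` appends to the end of a chain, so an ACCEPT rule added as in post 1 has no effect if the saved INPUT chain already ends with a catch-all DROP or REJECT. The script below checks an iptables-save file for that ordering; the sample ruleset and the function names `write_sample` and `port_rule_status` are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reports whether an ACCEPT rule for PROTO/PORT in the INPUT
# chain of an iptables-save file is reachable. Simplification: only plain
# "--dport N" rules are matched (no multiport, no ranges, no custom chains).

# write_sample FILE: constructed ruleset, not the poster's real rules.v4
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 5349 -j ACCEPT
COMMIT
EOF
}

# port_rule_status FILE PROTO PORT -> effective | shadowed | missing
port_rule_status() {
    awk -v proto="$2" -v port="$3" '
        /^\*/ { table = $1 }                       # table header such as *filter
        table != "*filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            p = ""; d = ""; j = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                else if ($i == "--dport") d = $(i + 1)
                else if ($i == "-j") j = $(i + 1)
            }
            # A rule with no match options that drops or rejects ends the chain
            if ($3 == "-j" && (j == "DROP" || j == "REJECT")) blocked = 1
            if (status == "" && p == proto && d == port && j == "ACCEPT")
                status = blocked ? "shadowed" : "effective"
        }
        END { print (status == "" ? "missing" : status) }
    ' "$1"
}

f=$(mktemp)
write_sample "$f"
for spec in tcp:443 tcp:5349 udp:10000; do
    printf '%s %s\n' "$spec" "$(port_rule_status "$f" "${spec%%:*}" "${spec##*:}")"
done
rm -f "$f"
```

A rule reported as shadowed can be placed ahead of the catch-all with `iptables -I INPUT <position>` before running `netfilter-persistent save`.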