Own iptables rules alongside froxlor?


Froxlor (0.10.22-1) is running nicely on my server (Debian 10 Buster).

But now I plan to install a service on this public server, which needs a few ports more opened in iptables.
I am not sure how to create some rules that do not conflict with froxlor? What is the recommended way to install a few persistent rules, that do not disturb froxlor?

Status:

iptables is running and is showing some rules, example:

[code]
# iptables -nvL
...
  152  7784 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  513 25024 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
...
[/code]

I find these active rules persistent in /etc/iptables/rules.v4

[code]
# Generated by xtables-save v1.8.2 on Mon Feb 10 20:44:30 2020
*filter
...
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
...
# Completed on Mon Feb 10 20:44:30 2020
[/code]

As far as I've seen, these rules are loaded at boot time by systemd's netfilter-persistent.service.

Installed Debian packages:
[code]
ii  iptables             1.8.2-4      amd64        administration tools for packet filtering and NAT
ii  iptables-persistent  1.0.11       all          boot-time loader for netfilter rules, iptables plugin
ii  netfilter-persistent 1.0.11       all          boot-time loader for netfilter configuration
[/code]

Has Froxlor generated the /etc/iptables/rules.v4?

How can I add a few more rules to rules.v4? For example allowing incoming ports 10000/udp and 5349/tcp?

Kind regards

9 minutes ago, Leapfrog said:

Has Froxlor generated the /etc/iptables/rules.v4?

no

10 minutes ago, Leapfrog said:

How can I add a few more rules to rules.v4? For example allowing incoming ports 10000/udp and 5349/tcp?

This is froxlor, not the iptables project. You might just wanna google that, there are millions of examples. Also, you might wanna try "ufw" - very simple interface for iptables, might suit you better.

  • Author

Ok, I thought froxlor has been responsible for the /etc/iptables/rules.v4, sorry.

That froxlor was not is very important info for me, thank you very much!

I have to find out now, where those existing iptables came from. My only candidates at the moment are

* the existing rules are a default in the OS Linux image of my Hoster?

* the existing rules were generated during a Wordpress Installation?

Anyway, it is good to know, that froxlor cannot overwrite those persistent rules.

Kind regards

 

The file is possibly created when you run iptables-save or some shutdown script that saves it there before rebooting so the rules can be restored.

  • Author

Yes, these saves and restores are done by the script ...

/usr/share/netfilter-persistent/plugins.d/15-ip4tables

... from the debian package iptables-persistent.

But this is no explanation where the contents of the rules.v4 initially came from (which match so wonderfully the requirements of a froxlor installation).

Some intelligent entity must have created those rules - and that hasn't been me 😉

  • Author

Just for the record:
Because I already have an existing /etc/iptables/rules.v4 and the package iptables-persistent is installed, opening a few ports more is easy, example:

[code]
# iptables -A INPUT -p udp --dport 10000 -j ACCEPT
# iptables -A INPUT -p tcp --dport 5349 -j ACCEPT
[/code]
(activates both rules)

[code]
# netfilter-persistent save
[/code]
(saves the running iptables to /etc/iptables/rules.v4 and the new rules are bootfix then)
(This command is documented in /usr/share/doc/iptables-persistent/README)

[code]
# iptables -nvL
...
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5349
...
[/code]
(success control after reboot)
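
Added example, not part of the original thread: `iptables -A` appends to the end of the chain, so a new ACCEPT only takes effect if no catch-all DROP/REJECT rule sits before it. The helper `rule_status` and the sample ruleset below are constructed for illustration; the check reads a ruleset in iptables-save format.

```sh
#!/bin/sh
# Constructed ruleset in iptables-save format (not the poster's real file).
# The last rule was appended with -A after a catch-all REJECT already existed.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 5349 -j ACCEPT
COMMIT'

# rule_status PROTO PORT   (hypothetical helper; reads a ruleset on stdin)
# Prints one of:
#   reachable - ACCEPT rule found before any catch-all DROP/REJECT in INPUT
#   shadowed  - ACCEPT rule exists, but after a catch-all DROP/REJECT
#   missing   - no ACCEPT rule for PROTO/PORT in the filter INPUT chain
# Simplification: only single-port "--dport N" rules are recognised
# (no multiport, port ranges, or user-defined chains).
rule_status() {
    awk -v proto="$1" -v port="$2" '
        /^\*/ { in_filter = ($0 == "*filter"); next }
        !in_filter || $1 != "-A" || $2 != "INPUT" { next }
        # A rule with no match options before -j applies to every packet.
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { blocked = 1; next }
        {
            p = d = j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (j == "ACCEPT" && p == proto && d == port) {
                print (blocked ? "shadowed" : "reachable"); found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Demo on the constructed ruleset. On a real host, feed the function
# "iptables-save" output or /etc/iptables/rules.v4 instead.
for spec in "tcp 443" "udp 10000" "tcp 5349" "tcp 22"; do
    set -- $spec
    printf '%s/%s: %s\n' "$2" "$1" \
        "$(printf '%s\n' "$SAMPLE_RULES" | rule_status "$1" "$2")"
done
```

If a port comes back as shadowed, insert the rule ahead of the catch-all with `iptables -I INPUT <position> ...` instead of appending it, then run `netfilter-persistent save` as in the post above.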

 
