Koozali.org: home of the SME Server

Preserve iptables changes in template?

mindea

« on: April 12, 2005, 07:57:26 PM »
I have made changes to iptables restricting incoming SMTP traffic to selected servers on the Internet (we use an external filter service). I want to preserve the changes so they will work after rebooting E-Smith. I suspect I create a custom template, but I'm not sure what to call it or where to put it and what to put in it. Here are my iptables commands:

iptables -A INPUT -p tcp --syn --dport smtp -s 207.155.232.0/22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -m tcp --dport smtp -j ACCEPT
iptables -A INPUT -p TCP --dport smtp -j DROP

Thanks in advance.

cc_skavenger

« Reply #1 on: April 12, 2005, 11:00:25 PM »
Where in the file did you add these custom commands? Look at the directory /etc/e-smith/templates/etc/rc.d/init.d/masq/ and figure out between which two files this needs to go, or which file you need to add it to. When you decide this, make a template fragment in this path:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/

This is where you would add the file you want to add in (with the commands added to it) or the file you want to add the commands to.

HTH

mindea

« Reply #2 on: April 13, 2005, 12:04:40 AM »
I hadn't put the commands anywhere yet. I had only typed them in the shell. But your suggestion got me to the correct area, I think. In /etc/e-smith/templates/etc/rc.d/init.d/masq/ I found the file "40AllowEstablished" which looks like the correct spot to make my additions. I created a 41AllowEstablished file in /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ with the commands added there.

Thanks ever so much for the tip.

This little change to iptables has reduced sneaky spam-droppers from dumping over two hundred reverse NDR messages per hour to ZERO per hour. My dismally slow DSL connection is no longer burdened with this trash and my server can get back to real work.

cc_skavenger

« Reply #3 on: April 13, 2005, 12:17:52 AM »
OK, now that you have added the commands, you need to execute this command:

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

This causes the server to rebuild the templates used to create all the iptables rules.

Next, edit /etc/rc.d/init.d/masq and make sure your commands are where they should be and are correct in syntax.

Finally, restart the masq process by the command /etc/rc.d/init.d/masq restart and that should be it.

HTH
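
The verification step in Reply #3 can be scripted. This is an added example, not part of the thread and not SME Server code: it checks that the poster's two ACCEPT rules for smtp appear before the DROP, because iptables applies the first matching rule in a chain. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check rule order in the expanded masq script.
# iptables walks a chain top to bottom and the first matching
# ACCEPT/DROP decides, so both ACCEPT rules must precede the DROP.

# Line number of the first uncommented line in file $1 whose
# "iptables -A INPUT" rule matches the extended regex $2.
first_line() {
    grep -nE -- "^[^#]*iptables -A INPUT .*$2" "$1" | head -n 1 | cut -d: -f1
}

# check_smtp_order FILE (hypothetical helper name)
# 0 = order correct, 1 = DROP too early, 2 = no DROP, 3 = ACCEPT missing
check_smtp_order() {
    allow=$(first_line "$1" '--dport smtp .*-s [0-9./]+ -j ACCEPT')
    estab=$(first_line "$1" '--state RELATED,ESTABLISHED .*--dport smtp -j ACCEPT')
    drop=$(first_line "$1" '--dport smtp -j DROP')
    if [ -z "$drop" ]; then
        echo "no smtp DROP rule found: port 25 is not restricted here"
        return 2
    fi
    if [ -z "$allow" ] || [ -z "$estab" ]; then
        echo "DROP at line $drop but an ACCEPT rule is missing"
        return 3
    fi
    if [ "$allow" -lt "$drop" ] && [ "$estab" -lt "$drop" ]; then
        echo "ok: ACCEPT at lines $allow and $estab, DROP at line $drop"
        return 0
    fi
    echo "DROP at line $drop comes before an ACCEPT rule"
    return 1
}

# Constructed sample standing in for the expanded /etc/rc.d/init.d/masq.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    # rules from the custom fragment 41AllowEstablished
    iptables -A INPUT -p tcp --syn --dport smtp -s 207.155.232.0/22 -j ACCEPT
    iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -m tcp --dport smtp -j ACCEPT
    iptables -A INPUT -p TCP --dport smtp -j DROP
EOF
check_smtp_order "$sample"
rm -f "$sample"
```

On the server, run `check_smtp_order /etc/rc.d/init.d/masq` after expand-template and before restarting masq.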