
IPTables and rc.local script



#1 DefaultGateway


Posted 26 November 2015 - 08:19 AM

Can someone explain what "iptables-restore < /etc/iptables.sav" does?

Here below is the "rc.local" script.

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables-restore < /etc/iptables.sav
exit 0

What is "exit 0"? And what does "0" mean?





#2 NickAu


Posted 26 November 2015 - 04:03 PM

You normally use exit(0) if everything went ok.



#3 Guest_hollowface_*


Posted 26 November 2015 - 04:05 PM


iptables-restore is used to restore IP Tables from data specified on
STDIN. Use I/O redirection provided by your shell to read from a file

-REF:https://www.cl.cam.ac.uk/cgi-bin/manpage?8+iptables-restore

 

iptables-restore < /etc/iptables.sav

The command you specified is piping (sending) the file "/etc/iptables.sav" to stdin, which iptables-restore is then reading from. Basically it's reading the file, but instead of doing this directly it's using stdin as a middle-man.

 

exit 0

Exit ends the rc.local script. Well, technically it ends the process. If you want, you can open a terminal emulator and type:

exit 0

The window will close.

 

exit 0

The zero is an exit status, zero meaning success. In this case it's specified so that the exit status of the script will be 0 regardless of the exit status of iptables-restore.



#4 DefaultGateway


Posted 27 November 2015 - 03:07 AM

Thanks NickAu and hollowface for replying.

 

But what if you do not edit the "rc.local" file and put that rule "iptables-restore < /etc/iptables.sav" in it? (before the exit 0 line)

 

 

IPTables are not automatically saved, so that is what the command "sudo iptables-save | sudo tee /etc/iptables.sav" is for.

 

But after running that command, should the file "rc.local" also be edited in order for the new IPTables rules to be loaded?

 

 



#5 DefaultGateway


Posted 27 November 2015 - 03:52 AM

Just found out that if you only save the IPTables, but do not edit that "rc.local" script with the line "iptables-restore < /etc/iptables.sav", then the IPTables will not be loaded with the new IPTables rules.



#6 blondie101010


Posted 29 November 2015 - 01:45 AM

You should edit /etc/sysconfig/iptables-config and change IPTABLES_SAVE_ON_RESTART to "yes", and of course remove that crappy line from your rc.local.


Edited by blondie101010, 29 November 2015 - 01:46 AM.


#7 imort


Posted 14 June 2016 - 07:40 AM

Can someone explain what "iptables-restore < /etc/iptables.sav" does?

Here below is the "rc.local" script.

# By default this script does nothing.
iptables-restore < /etc/iptables.sav
exit 0

What is "exit 0"? And what does "0" mean?

 

Hey
It is restoring your Linux firewall configuration from the saved file /etc/iptables.sav

The standard Linux firewall is called 'iptables' as you can see :)

Look here for more info about iptables.

 

'exit 0' means that your script will return 0 and finish after restoring in any case (whether the restore succeeds or not)

'0' usually means that the script result is success.
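
Added example, not part of any post in this thread: the rc.local quoted above starts with `#!/bin/sh -e`, so this sketch runs a copy of its body under `sh -e` and under plain `sh` and reports the script's exit status in each case. `restore_stub` and `run_rc_local` are hypothetical names; the stub stands in for `iptables-restore < /etc/iptables.sav` so nothing here needs root or iptables.

```shell
#!/bin/sh
# Added example. restore_stub is a hypothetical stand-in for
# "iptables-restore < /etc/iptables.sav" so this runs without root or iptables.

# run_rc_local FLAGS RESTORE_STATUS
#   FLAGS          "-e" (as on the posted shebang line) or "" for plain sh
#   RESTORE_STATUS constructed exit status the stand-in restore returns
# Prints the exit status of a copy of the rc.local body run under "sh FLAGS".
run_rc_local() {
    flags=$1
    restore_rc=$2
    script=$(mktemp) || return 1
    # Unquoted heredoc: $restore_rc is filled in when the file is written.
    cat > "$script" <<EOF
restore_stub() { return $restore_rc; }
restore_stub
exit 0
EOF
    status=0
    # $flags is left unquoted on purpose so an empty value adds no argument.
    sh $flags "$script" || status=$?
    rm -f "$script"
    echo "$status"
}

# Show all four combinations when run directly.
for f in "-e" ""; do
    for r in 0 2; do
        echo "flags='$f' restore status=$r -> script exit status $(run_rc_local "$f" "$r")"
    done
done
```

Under `sh -e` a failing restore stops the script before `exit 0` is reached, so the script exits with the restore command's status; under plain `sh` the script continues to `exit 0` and reports success even though no rules were loaded.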





