save konfigurasi iptables di slackware 12
Do no why this post is on my draft, that dated on year 2008, preety old huh, mybe im forget to post it.
So now let the world see.
Maintaining things with cron, crontab and iptables-save
Some have suggested that sshblack should fully maintain the iptables configuration it works with, including saving, checking and restoring chains and rules. I have chosen not to do this for several reasons which are beyond the scope of this secction. However, here are some pointers that allow you do do these kind of operations yourself.
If you’d like to manage sshblack like any other background process, see The Configuration Page for some user-supplied information on managing sshblack with things like chkconfig. There is even an init script.
Actually, starting sshblack after a reboot can be as simple as placing the full path and file name in your /etc/rc.d/rc.local file (or whatever directory/file your OS uses for custom start-up scripts). This will start sshblack very quickly after your machine boots.
Saving the iptables configuration can be important because if the custom chain sshblack uses is not restored after a reboot, obviously sshblack won’t be able to add/delete rules for a non-existent chain. If your machine supports it, saving and restoring iptables configs can be done easily using iptables-save and iptables-restore.
Execution of the iptables-save command can be done in the root crontab or it can be placed in the /etc/cron.daily directory. You can of course do this save every hour if you like by placing the shell file in the /etc/cron.hourly directory. Here is an example of an iptables-save script:
# Save iptables configuration to /etc/sysconfig/iptables.1
/sbin/iptables-save -c > /etc/sysconfig/iptables.1
If you’d like to use crontab to do this same thing you can execute the following command:
[root@stinky root]# crontab -e
You will then see your crontab configuration (likely opened in vi). Simply place the following command into your crontab file and save it:
mailto = “root”
25 * * * * /sbin/iptables-save -c > /etc/sysconfig/iptables.1
Now, how do we pull this information back into iptables in the event of a reboot? Simple, just go back to your /etc/rc.d/rc.local and add in the iptables-restore command [Be sure to place this line BEFORE the line that starts sshblack in your rc.local file]. This will pull that saved information back in to iptables.
/sbin/iptables-restore -c < /etc/sysconfig/iptables.1
Note that iptables-restore will not only restore the rules that sshblack has added, it will restore any custom chains also.
baca selengkapnya di http://www.pettingers.org/code/sshblack-notes.html
Entry filed under: networking. Tags: .