The command service iptables save does not seem to work on Kimsufi and OVH dedicated servers.
They have a help page for these issues. It all boils down to creating an init.d startup script.
Here is a basic script, which opens only port 22 outwards for SSH.
#!/bin/sh
# chkconfig: 3 21 91
# description: Firewall
IPT=/sbin/iptables
case "$1" in
start)
    # Flush old rules, old custom tables
    $IPT --flush
    $IPT --delete-chain
    # Set default policies for all three default chains
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Enable free use of loopback interfaces
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # All TCP sessions should begin with SYN
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP
    # Accept packets that belong to already established connections
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Accept new inbound TCP connections on port 4711, the only port this
    # script opens; it must match the port your sshd listens on
    $IPT -A INPUT -p tcp --dport 4711 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
    # Accept inbound ICMP messages (8 = echo request, 11 = time exceeded)
    $IPT -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
    $IPT -A INPUT -p ICMP --icmp-type 11 -s 0.0.0.0/0 -j ACCEPT
    exit 0
    ;;
stop)
    # Flushes the INPUT rules only; the default policies set by "start"
    # stay in place, so INPUT remains DROP until "start" is run again
    $IPT -F INPUT
    exit 0
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
Save this script as iptables-config (no file extension).
Now we will copy the script to /etc/init.d and enable automatic startup of the script at boot. Finally, a reboot:
cp iptables-config /etc/init.d/
chmod 700 /etc/init.d/iptables-config
chkconfig iptables-config on
service iptables-config start
shutdown -r now
Now run:
iptables -L
You should see the iptables chains no longer being empty after your reboot.
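A stricter check than reading the iptables -L listing by eye, as an added example that is not part of the original post: the function below reads iptables -S output and confirms that the policies and rules from the script above are actually loaded. The function name check_firewall and both sample rule listings are constructed for illustration; the real output format can differ slightly between iptables versions.

```sh
#!/bin/sh
# Constructed sample of `iptables -S` output with the script's rules loaded.
SAMPLE_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4711 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'
# Constructed sample: a host where no rules were loaded at boot.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# check_firewall PORT: read `iptables -S` output on stdin, print every
# expected rule that is missing, and return the number of missing rules
# (0 means the ruleset from the init script is in place).
check_firewall() {
    port=$1
    rules=$(cat)
    problems=0

    # has_rule REGEX DESCRIPTION: count a problem if no rule line matches.
    has_rule() {
        if ! printf '%s\n' "$rules" | grep -Eq -- "$1"; then
            echo "MISSING: $2"
            problems=$((problems + 1))
        fi
    }

    has_rule '^-P INPUT DROP$' 'default INPUT policy DROP'
    has_rule '^-P FORWARD DROP$' 'default FORWARD policy DROP'
    has_rule '^-A INPUT -i lo -j ACCEPT$' 'loopback accept rule'
    has_rule '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT$' \
        'accept rule for established connections'
    has_rule "^-A INPUT -p tcp .*--dport $port( .*)? -j ACCEPT\$" \
        "accept rule for new TCP connections on port $port"

    return "$problems"
}

# Demo on the constructed sample; on a real server run, as root:
#   iptables -S | check_firewall 4711
printf '%s\n' "$SAMPLE_LOADED" | check_firewall 4711 && echo "ruleset OK"
```

Run it with the port your sshd really listens on: a non-zero exit status after a reboot means the init script did not run or does not open that port.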
PS. The rules were generated with the excellent Mista.nu Iptables script generator (now defunct).