I've just started playing with Debian 6.0 (Squeeze) in a VPS environment, as a way to learn more about system administration.

One thing I'd like to configure is a default packet filtering policy. (Permit new and established SSH inbound, permit rate limited ICMP inbound, drop everything else inbound, permit anything outbound, etc etc)

I've determined how to build a policy which roughly meets my needs, however there doesn't seem to be an existing init script which specifies where iptables should load its policy from on startup. Is there a standard way to do this on Debian?

I've seen various alternatives suggested, all of which seem to involve creating a shell script somewhere and invoking it in RC scripts, initscripts, /etc/network/interfaces...

Is there no 'blessed' way to do this in Debian? It seems like a fairly glaring oversight.

Gilles 'SO- stop being evil'
Murali Suriar
    I think the /etc/network/interfaces is the most "debian way" of doing this. Some distributions have init scripts by default which save and load iptables rules. – stribika Feb 25 '11 at 13:27

1 Answer

There is no default standard way to set up a firewall in Debian, except maybe calling a script with a pre rule in the network configuration (/etc/network/interfaces), but there are many packages providing different ways to do it.

For example, the packages uruk and iptables-persistent provide very simple scripts to load and back up a very simple firewall.

jon_d
  • I ended up putting a script in /etc/network/if-pre-up.d/ - accepting this answer since 'there is no default' is correct. – Murali Suriar Jul 26 '11 at 21:25
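
A sketch of the /etc/network/if-pre-up.d/ approach mentioned above, as an added example that is not code from the original posts. The hook file name, the `IPT_RESTORE` override, the ICMP rate values and the FORWARD policy are assumptions; the rules follow the policy described in the question.

```shell
#!/bin/sh
# Hypothetical hook file: /etc/network/if-pre-up.d/iptables
# It must be executable and have no dot in its name (run-parts skips such names).

# Assumed binary path; overridable so the logic can be exercised without root.
IPT_RESTORE="${IPT_RESTORE:-/sbin/iptables-restore}"

# Emit the ruleset in iptables-save format: default-drop inbound,
# allow loopback, established traffic, new SSH and rate-limited ping.
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
COMMIT
EOF
}

# Parse the ruleset first (--test commits nothing), then apply it.
# iptables-restore replaces the whole filter table, so a malformed
# ruleset is rejected before the running rules are touched.
load_rules() {
    ruleset | "$IPT_RESTORE" --test || return 1
    ruleset | "$IPT_RESTORE"
}

# ifupdown exports IFACE to hook scripts. Load before every non-loopback
# interface comes up; the exit status of load_rules becomes the hook's
# exit status, so a failed load is reported to ifupdown.
case "${IFACE:-}" in
    ""|lo) ;;
    *) load_rules ;;
esac
```

This covers IPv4 only; IPv6 traffic needs its own ruleset loaded with ip6tables-restore.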