Stopping IPtables on Debian

**woosting** · 09-16-2005, 11:33 PM

How can I start or stop IPtables on a debian system?
(on my FC3 system it is /etc/init.d/iptables stop/start)

**pbharris** · 09-17-2005, 02:22 AM

hello,
not exactly sure - but i know iptables -F flushes all current rules.

**woosting** · 09-17-2005, 12:34 PM

[quote author=pbharris link=board=4;threadid=10691;start=0#msg95990 date=1126923765]
hello,
not exactly sure - but i know iptables -F flushes all current rules.
[/quote]
Is flushing permanently?

Apearantly one needs to write one's own script on Debian (I wanted a clean/crisp system so now I pay the price). But I found a nice Debian specific tutorial to help me further. For those who are interested:

http://www.aboutdebian.com/index.htm

I will manage (I hope), allthough now I can't get X to start, but that is another topic. If anyone have suggestions on my IPtables starting problem I'd be still happy to hear them though!

**Compunuts** · 09-19-2005, 05:23 AM

[quote author=woosting link=board=4;threadid=10691;start=0#msg96005 date=1126960467]
Is flushing permanently?[/quote]
I don't know what you mean by permanently but if you use -F switch, it will reset all the rules that you have put in.

Check out "iptables -h" for more help info.

Apearantly one needs to write one's own script on Debian (I wanted a clean/crisp system so now I pay the price).

Not really. If you use basic iptables, then, yes, you need to write your own rules. I personally use shorewall (apt-get install shorewall) to manage my iptables scripts. So I write the rules I want in shorewall config file, then just restart shorewall and shorewall take care of all the flashing, adding and deleting rule sets.

**woosting** · 09-23-2005, 09:42 AM

[quote author=Compunuts link=board=4;threadid=10691;start=0#msg96063 date=1127107427]
[quote author=woosting link=board=4;threadid=10691;start=0#msg96005 date=1126960467]
Is flushing permanently?[/quote]
I don't know what you mean by permanently but if you use -F switch, it will reset all the rules that you have put in.

Check out "iptables -h" for more help info.

Apearantly one needs to write one's own script on Debian (I wanted a clean/crisp system so now I pay the price).

Not really. If you use basic iptables, then, yes, you need to write your own rules. I personally use shorewall (apt-get install shorewall) to manage my iptables scripts. So I write the rules I want in shorewall config file, then just restart shorewall and shorewall take care of all the flashing, adding and deleting rule sets.
[/quote]
I ment: "does flushing through away the rules or temporarily discards them". (I think it will delete them so when I want to use them again I will have to re-write them).

Anyway... I got the tip to use shorewall many times... So I will check that out... allthough I would really like to write the rules directly in the IPtables, but I would still neet to start/stop/restart IPtables whenever I want to. Bot for the time being, since shorewall seems to have a less steep learningcurve, I will start out with that.

Thank you!

**redhead** · 09-23-2005, 09:58 AM

Just as a sidenote, I see this has turned into something about not having the time to get into iptables, and wanting to get into iptables...

Just as a reference, you might wanna take a look at a few scripts I made ages ago..
http://redhead.dk/download/pub/stuff/iptables-script
http://redhead.dk/download/pub/stuff/firewall-script

Since I was learning the differences between ip-chains and ip-tables at the time they are quite well documented, and the last one provide you with a start/stop/flush/reload/etc option, so you can use it as your normal startup script.

**flashingcurser** · 10-03-2005, 06:40 PM

Web based iptables firewall script generator

dan

**Compunuts** · 10-07-2005, 03:15 AM

[quote author=woosting link=board=4;threadid=10691;start=0#msg96190 date=1127468564]
I ment: "does flushing through away the rules or temporarily discards them". (I think it will delete them so when I want to use them again I will have to re-write them).[/quote]
Yes, you will have to re-write them unless you made the script with rules and run it at start up.

allthough I would really like to write the rules directly in the IPtables, but I would still neet to start/stop/restart IPtables whenever I want to.

This is the thing, you do not need to start-stop-restart iptables. It's loaded as kernel module. All you need is flash your rules set and you are good to go when you put in new rules set.