| 2016-04-21 11:56:37 |
jean-christophe manciot |
description |
Hello,
I've just installed iptables-persistent package so that my user-defined iptables rules are reloaded at each reboot.
Some rules cannot be defined with Gufw/ufw, such as for instance "sudo iptables -I OUTPUT -m geoip --dst-cc <country-code> -j ACCEPT" which uses Xtables-addons.
In order to have these manually defined iptables rules reloaded at each reboot, the correct way is to save them in 2 user-defined files such as /etc/iptables/rules.v4 & /etc/iptables/rules.v6 with "sudo iptables-save /etc/iptables/rules.v4" & "sudo ip6tables-save /etc/iptables/rules.v6", which will be later used by iptables-persistent at each Linux startup.
However, any change done in Gufw is subsequently lost unless a manual call to save all the rules is made each time.
So I propose 2 options to enhance Gufw:
* include in Gufw settings the possibility to define the path to iptables-persistent configuration, so that each time the user changes a rule in Gufw, it is saved there, otherwise it will be lost,
* or enhance Gufw with the possibility to use extensions such as Xtables-addons, which would prevent us from having to manipulate the iptables & install iptables-persistent package.
Your call... |
Hello,
I've just installed iptables-persistent package so that my user-defined iptables rules are reloaded at each reboot.
Some rules cannot be defined with Gufw/ufw, such as for instance "sudo iptables -I OUTPUT -m geoip --dst-cc <country-code> -j ACCEPT" which uses Xtables-addons.
In order to have these manually defined iptables rules reloaded at each reboot, the correct way is to save them in 2 user-defined files such as /etc/iptables/rules.v4 & /etc/iptables/rules.v6 with "sudo iptables-save > /etc/iptables/rules.v4" & "sudo ip6tables-save > /etc/iptables/rules.v6", which will be later used by iptables-persistent at each Linux startup.
However, any change done in Gufw is subsequently lost unless a manual call to save all the rules is made each time.
So I propose 2 options to enhance Gufw:
* include in Gufw settings the possibility to define the path to iptables-persistent configuration, so that each time the user changes a rule in Gufw, it is saved there, otherwise it will be lost,
* or enhance Gufw with the possibility to use extensions such as Xtables-addons, which would prevent us from having to manipulate the iptables & install iptables-persistent package.
Your call... |
|
