deleted 84 characters in body; edited tags
Braiam

I have a problem with my automatic configuration of iptables on boot.

Right now I'm using /etc/rc.local to add some iptables rules on my Linux router on boot; however, some of the rules aren't added. I assume this is because the interface hasn't come up yet.

This is what I have in there:

sudo /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
sudo /sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

I think the ppp0 interface must take a while to come up on boot and iptables might refuse to add the rule since the ppp0 interface doesn't exist. Is there a way to force iptables to add the rule anyway? I thought I would check this before I introduce a loop into the script to wait for the interface to exist before adding the rules.

I've also observed iptables doesn't remove the rule when the interface disappears and comes back after the rule was already added (which is good behaviour in my case).

Thanks!

CallumA

iptables - add rule for interface before it comes up

I have a problem with my automatic configuration of iptables on boot.

Right now I'm using /etc/rc.local to add some iptables rules on my Linux router on boot; however, some of the rules aren't added. I assume this is because the interface hasn't come up yet.

This is what I have in there:

sudo /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
sudo /sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

I think the ppp0 interface must take a while to come up on boot and iptables might refuse to add the rule since the ppp0 interface doesn't exist. Is there a way to force iptables to add the rule anyway? I thought I would check this before I introduce a loop into the script to wait for the interface to exist before adding the rules.

I've also observed iptables doesn't remove the rule when the interface disappears and comes back after the rule was already added (which is good behaviour in my case).

Thanks!
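
The wait loop the question considers, written out as an added example that is not part of the original post: it waits with a timeout for the interface to appear, then adds each of the three rules only if `iptables -C` reports it missing, so re-running the script does not stack duplicates. The function names and the `SYSFS_NET` and `IPTABLES` variables are this example's own, and it assumes the kernel lists an interface under `/sys/class/net` once it exists.

```shell
#!/bin/sh
# Added example: wait for an interface, then add each rule only if missing.
# SYSFS_NET and IPTABLES are overridable so the logic can be exercised
# without root; both variable names are assumptions of this example.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# wait_for_iface NAME TIMEOUT_SECONDS
# Returns 0 as soon as the kernel lists the interface, 1 on timeout.
wait_for_iface() {
    iface=$1
    remaining=$2
    while [ ! -e "$SYSFS_NET/$iface" ]; do
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# ensure_rule [-t TABLE] CHAIN RULE-SPEC...
# Appends the rule only when "iptables -C" reports it is not already present,
# so running the script again does not stack duplicate rules.
ensure_rule() {
    table_args=""
    if [ "$1" = "-t" ]; then
        table_args="-t $2"
        shift 2
    fi
    chain=$1
    shift
    # $table_args is intentionally unquoted so it splits into two words.
    if ! $IPTABLES $table_args -C "$chain" "$@" 2>/dev/null; then
        $IPTABLES $table_args -A "$chain" "$@"
    fi
}

# The three rules from the question, for WAN and LAN interface names.
apply_router_rules() {
    wan=$1
    lan=$2
    ensure_rule -t nat POSTROUTING -o "$wan" -j MASQUERADE &&
    ensure_rule FORWARD -i "$wan" -o "$lan" -m state --state RELATED,ESTABLISHED -j ACCEPT &&
    ensure_rule FORWARD -i "$lan" -o "$wan" -j ACCEPT
}

# Typical rc.local use (run as root):
#   wait_for_iface ppp0 60 && apply_router_rules ppp0 eth0
```

If the wait times out, `wait_for_iface` returns non-zero and the rules are not applied, so the caller can log the failure instead of silently booting without them.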