IpTables restore on startup [SOLVED]

EDIT: I tried messing around in the file and I noticed that when I remove the “#” in “# !/bin/sh -e” it turns into a plain text document; leaving the “#” in, however, turns it into a runnable script. If anyone is wondering how to do/fix this, the file should be as follows:

# !/bin/sh -e

rc.local

iptables-restore < /etc/iptables-rules

exit 0

That is for the server to always set up the IpTables at startup, but you can make it run any command you want in between the “# !/bin/sh -e” and the “exit 0” and it will run those commands on startup.

original post below

So I have my server on a dedicated machine (not running any VM, to clarify) and it works perfectly; the only problem I have is that every time it restarts, I have to open the terminal and run “sudo iptables-restore < /etc/iptables-rules”, otherwise I can’t HTTPS to the web user interface and I can’t sftp to the server from a different machine until I run that command. I tried modifying the “/etc/rc.local” file but I don’t understand much about how to correctly set up the file. I set it up as follows:

!/bin/sh -e

rc.local

iptables-restore < /etc/iptables-rules

exit 0

But saving the file then turns it into a plain text document, so I don’t really know how to make it run at startup if it’s no longer a script.

Thanks!

I was able to get this set up with: sudo nano /etc/iptables-rules

In the file it has ports already open that you can mimic. Restart iptables or just simply reboot.

I have the same problem as happy_lama, but I have not gotten it to work. Every time my system reboots I have to type in “sudo iptables-restore < /etc/iptables-rules”. How do I fix this? It’s very annoying.

You can edit /etc/iptables-rules by typing the command: sudo nano /etc/iptables-rules
You will want to add a line similar to the one below, replacing the port number with what you want opened.
Or you can replace it with a range using this format: beginning port number:ending port number
i.e. 25563:25567

-A INPUT -p tcp -m tcp --dport *port number | port:range* -j ACCEPT
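As an added example (not code from any poster in this thread), the rule format above turned into a small sh script: it validates a single port or a begin:end range before emitting the -A INPUT ... --dport ... -j ACCEPT line, and writes a complete file in the format iptables-restore reads (the *filter header, chain policies, rules, COMMIT). It goes a little beyond the post by defaulting INPUT to DROP and accepting loopback and already-established traffic first, which is the usual baseline when only listed ports are meant to be open; those two rules and the chain policies are this example's choices, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread: build an iptables-restore file that
# opens TCP ports or port ranges, validating each spec before writing it.

# Return 0 if $1 is a single port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a port or a "begin:end" range with begin <= end
# (the 25563:25567 form shown in the post).
valid_port_spec() {
    case $1 in
        *:*:*) return 1 ;;                 # more than one colon
        *:*)
            lo=${1%%:*}
            hi=${1#*:}
            valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ]
            ;;
        *) valid_port "$1" ;;
    esac
}

# Print one ACCEPT rule for a TCP port or range; fail on a bad spec.
accept_tcp_rule() {
    valid_port_spec "$1" || { echo "bad port spec: $1" >&2; return 1; }
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $1 -j ACCEPT"
}

# Write a complete iptables-restore file to $1 opening the ports in $2..$n.
# Default policies and the loopback/conntrack rules are this example's
# choices; the thread's own file is not shown, only the ACCEPT line format.
write_rules_file() {
    out=$1
    shift
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    {
        echo '*filter'
        echo ':INPUT DROP [0:0]'
        echo ':FORWARD DROP [0:0]'
        echo ':OUTPUT ACCEPT [0:0]'
        echo '-A INPUT -i lo -j ACCEPT'
        echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
        for spec in "$@"; do
            accept_tcp_rule "$spec"
        done
        echo 'COMMIT'
    } > "$out"
}

# Usage: write_rules_file /tmp/iptables-rules 22 443 25563:25567
# Review the file, then load it with: iptables-restore < /tmp/iptables-rules
```

Write to a scratch path first and load it by hand; once the rules look right, copy the file over /etc/iptables-rules so the startup restore picks it up. Keep the SSH/SFTP port in the list before switching INPUT to DROP, or the next reboot locks you out of the remote session the thread describes.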

The first line of a Linux script like this is called the shebang (or hashbang). It is designed to have the comment character first, with no space between it and the !. It tells the shell that, when the file is executed (+x) directly, it should use the /bin/sh interpreter.

Realistically, the above lines should be all that’s necessary under normal circumstances for iptables restoration from file.

Hi!
I can’t get the firewall rules to reset automatically on every boot, which is pretty frustrating.
I tried to write your code in /etc/rc.local:

#!/bin/sh -e

iptables-restore < /etc/iptables-rules

exit 0

I also tried adding rc.local:

#!/bin/sh -e

rc.local

iptables-restore < /etc/iptables-rules

exit 0

But at every boot the firewall resets itself. How can I fix it?

Hey!
It’s been so long, but I’m happy to help. I don’t recall how I had it work before…
Try chmod 777 /etc/rc.local, as I think that’s how I got it to work. Basically, since the file didn’t exist there before, by default it cannot run or be executed; doing chmod 777 gives it permission to execute.

Let me know if this worked!

1 Like

Hi, thanks for the quick reply!
I tried what you said but unfortunately it keeps resetting after a reboot …

EDIT: I tried to remove rc.local from the file and now it works! Thank you!!!

1 Like

Yes!
Forgot to mention: remove that command, as it doesn’t exist and will cause issues.

Glad it works!

1 Like
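Pulling the thread's three fixes together (the shebang written as #! with no space, no stray rc.local line, and the file made executable) as an added example that is not code from any poster: a small sh script that writes a correct rc.local to a path you choose and a check function that flags each of those mistakes. The check also rejects a world-writable file: chmod 777 makes rc.local work because it sets the execute bit, but it also lets any local user edit a script that runs as root on every boot, and chmod 755 achieves the same result without that. The target path and rules-file path are parameters so the example can be tried against a temporary file.

```shell
#!/bin/sh
# Added example, not from the thread: write a correct rc.local and check an
# existing one for the mistakes discussed above.

# Write an rc.local that restores the saved rules at boot.
#   $1 = path to write (use a temp path to try it out)
#   $2 = rules file, defaulting to the thread's /etc/iptables-rules
write_rc_local() {
    target=$1
    rules=${2:-/etc/iptables-rules}
    printf '%s\n' \
        '#!/bin/sh -e' \
        '' \
        "iptables-restore < $rules" \
        '' \
        'exit 0' > "$target"
    # 755 is enough: root can execute it and nobody else can edit it.
    chmod 755 "$target"
}

# Return 0 if the file at $1 looks like a working rc.local; otherwise print
# what is wrong and return 1.
check_rc_local() {
    target=$1
    [ -f "$target" ] || { echo "$target: missing" >&2; return 1; }

    # Without the execute bit nothing runs it at boot (this is what chmod fixed).
    [ -x "$target" ] || { echo "$target: not executable, run chmod 755" >&2; return 1; }

    # The shebang is '#!' with no space; '# !/bin/sh -e' is an ordinary comment,
    # which is why the file stopped being treated as a script.
    first=$(head -n 1 "$target")
    case $first in
        '#!'*) ;;
        *) echo "$target: first line is not a shebang: $first" >&2; return 1 ;;
    esac

    # A bare 'rc.local' line is not a command; under -e it aborts the script
    # before iptables-restore ever runs.
    if grep -qxF 'rc.local' "$target"; then
        echo "$target: stray 'rc.local' line" >&2
        return 1
    fi

    # World-writable (chmod 777) means any local user can change a script
    # that runs as root on every boot.
    if [ -n "$(find "$target" -perm -0002)" ]; then
        echo "$target: world-writable, use chmod 755" >&2
        return 1
    fi
    return 0
}

# Usage: write_rc_local /tmp/rc.local && check_rc_local /tmp/rc.local
```

Two general notes that apply here: on systemd-based distributions /etc/rc.local is only run (through rc-local.service) when the file exists and is executable, which is why the execute bit mattered in this thread; and Debian and Ubuntu also ship the iptables-persistent package, which restores /etc/iptables/rules.v4 at boot without any rc.local at all.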