Linux IPtables

Firewalls are tools that can protect an OS. Linux has iptables and firewalld, which hold and manage the system's firewall rules. Essentially, the systems administrator configures iptables or firewalld to accept or reject traffic. While you are not expected to be able to configure a system, read this article to see how iptables can control incoming or outgoing traffic. Why does the order of the rules matter?

Configuring iptables to load on system boot

Now, how do I get these rules to automatically load each time the kiosk boots? The first step is to save the current rules to a .rules file using the iptables-save tool. That'll create a file in the root user's directory, /root, containing a list of the rules. The pipe, followed by the tee command, is necessary to apply my sudo authority to the second half of the command line: the actual saving of a file to the otherwise restricted /root directory.

I can then tell the system to run a related tool called iptables-restore every time it boots. A regular cron job of the kind we saw in the previous module won't help, because cron jobs run at set times, and we have no idea when our computer might decide to crash and reboot.

There are lots of ways to handle this problem. Here's one:

On my Linux machine, I'll install a program called anacron that will give us a file in the /etc/ directory called anacrontab. I'll edit the file and add this iptables-restore command, telling it to load the current values of that .rules file into iptables each day (when necessary) one minute after a boot. I'll give the job an identifier (iptables-restore) and then add the command itself. Since you're playing along with me at home, you should test all this out by rebooting your system.

sudo iptables-save | sudo tee /root/my.active.firewall.rules
sudo apt install anacron
sudo nano /etc/anacrontab
1 1 iptables-restore iptables-restore < /root/my.active.firewall.rules
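To answer the ordering question raised at the top of this article, here is an added Python model (not code from the original article) of the first-match evaluation iptables performs: it reads rules in the format iptables-save writes and iptables-restore reads, walks a chain top to bottom, and returns the target of the first rule that matches, or the chain policy. The rulesets and packets are constructed for the illustration, and only the -p, --dport, -s and -i matches are modelled.

```python
import shlex

# Constructed rulesets in iptables-save format (what iptables-save writes and
# iptables-restore reads); not dumps from a real system.
HEADER = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
ALLOW_SSH = "-A INPUT -p tcp --dport 22 -j ACCEPT\n"
DROP_REST = "-A INPUT -j DROP\n"  # catch-all: no match options, so it fits every packet
SSH_THEN_DROP = HEADER + ALLOW_SSH + DROP_REST + "COMMIT\n"
DROP_THEN_SSH = HEADER + DROP_REST + ALLOW_SSH + "COMMIT\n"  # same two rules, swapped

# Toy packets carrying only the fields the matcher below understands.
SSH_PKT = {"proto": "tcp", "dport": "22", "iface": "eth0"}
HTTP_PKT = {"proto": "tcp", "dport": "80", "iface": "eth0"}

# iptables option -> packet field; only these matches are modelled.
MATCHES = {"-p": "proto", "--dport": "dport", "-s": "src", "-i": "iface"}


def parse_rules(text):
    """Read chain policies and -A rules from an iptables-save dump, keeping file order."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):                # ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A"):             # "-A CHAIN <option value>... -j TARGET"
            toks = shlex.split(line)
            rule = {"chain": toks[1]}
            rule.update(zip(toks[2::2], toks[3::2]))
            rules.append(rule)
    return policies, rules


def verdict(policies, rules, chain, pkt):
    """First-match semantics: the first rule whose every match option fits the
    packet decides; if none matches, the chain's default policy applies."""
    for rule in rules:
        if rule["chain"] != chain or "-j" not in rule:
            continue
        if all(pkt.get(field) == rule[opt] for opt, field in MATCHES.items() if opt in rule):
            return rule["-j"]
    return policies[chain]


def check(ruleset, pkt, chain="INPUT"):
    """Verdict for one packet under one saved ruleset."""
    policies, rules = parse_rules(ruleset)
    return verdict(policies, rules, chain, pkt)


if __name__ == "__main__":
    for name, rs in (("ssh-then-drop", SSH_THEN_DROP), ("drop-then-ssh", DROP_THEN_SSH)):
        print(name, "ssh:", check(rs, SSH_PKT), "http:", check(rs, HTTP_PKT))
```

With the catch-all DROP placed first, the SSH rule below it is never reached, which is exactly how an administrator locks themselves out of a remote kiosk.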

I hope these practical examples have illustrated how to use iptables and firewalld for managing connectivity issues on Linux-based firewalls.