Load iptables rules with iptables-restore

Asked by lukinho82 on 2012-01-18

Hi to all,
I don't understand how my current iptables rules are loaded on Ubuntu 11.04. To set the rules I followed the wiki page (https://help.ubuntu.com/community/Ip...if-post-down.d), so I have my saved rules file in /etc. The script iptablesload in /etc/network/if-pre-up.d contains the command iptables-restore < /etc/iptables.rules, but I have two questions:

1. Why, when I execute the command iptables-restore in the shell, do I have to be root (command iptables-restore preceded by sudo) while, at boot, this script can be executed with non-root privileges (or so I suppose...)?
2. If, inside my script iptablesload, I replace the file path /etc/iptables.rules with another path, for example $HOME/iptables.rules, the rules aren't loaded at boot. But if I execute the same script in the shell with root privileges, the rules are correctly loaded. Why?

Thanks to all.
lukinho82

Question information

Language: English
Status: Answered
For: Ubuntu iptables
Assignee: No assignee
Last query: 2012-01-18
Last reply: 2012-01-19

If you add the command to load the rules in /etc/rc.local above the exit 0 line, it will load them automagically.

Joseph Paul Cohen (jcccnet) said : #2

1) The scripts are executed with root privileges. They launch from init and unless they setuid otherwise they are still running as root.

2) $HOME should resolve when it's running programs as root at bootup. You might not have the file where $HOME points. See these examples:

$ sudo echo $HOME
/home/username

$ sudo su
# echo $HOME
/root

At bootup the scripts should run as pure root and not like they do with sudo.
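
An added example, not part of the thread or of the Ubuntu wiki page: a version of the iptablesload hook from the question that keeps an absolute path instead of $HOME and, because the hook runs as root, refuses a rules file that root does not own or that group/others can write. The function names, the ownership and mode checks, and the PHASE guard are assumptions of this example; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: /etc/network/if-pre-up.d/iptablesload with validation.
# Assumptions: function names, the checks, GNU stat (-c), the PHASE guard.

RULES="${RULES:-/etc/iptables.rules}"   # absolute path from the question
OWNER_UID="${OWNER_UID:-0}"             # expected owner: root

# rules_file_ok PATH [UID] -> returns 0 if a root-run hook may load PATH
rules_file_ok() {
    rf="$1"; want_uid="${2:-0}"
    case "$rf" in
        /*) ;;   # absolute only: $HOME depends on who runs the script
        *)  echo "refusing relative path: $rf" >&2; return 1 ;;
    esac
    if [ -L "$rf" ]; then echo "refusing symlink: $rf" >&2; return 1; fi
    if [ ! -f "$rf" ]; then echo "no such rules file: $rf" >&2; return 1; fi
    rf_uid=$(stat -c %u "$rf") || return 1
    rf_mode=$(stat -c %a "$rf") || return 1
    if [ "$rf_uid" != "$want_uid" ]; then
        echo "owner uid $rf_uid, expected $want_uid: $rf" >&2; return 1
    fi
    # Octal mode & 022 is non-zero when group or other has write permission.
    if [ $(( 0$rf_mode & 022 )) -ne 0 ]; then
        echo "group/world-writable (mode $rf_mode): $rf" >&2; return 1
    fi
    return 0
}

# Validate first, then hand the file to iptables-restore.
load_rules() {
    rules_file_ok "$1" "$2" || return 1
    iptables-restore < "$1"
}

# ifupdown exports PHASE to hook scripts; load only in the pre-up phase.
if [ "${PHASE:-}" = "pre-up" ]; then
    load_rules "$RULES" "$OWNER_UID"
fi
```

Run by hand outside ifupdown, the script only defines the functions; rules_file_ok can be called directly to check a candidate file before installing it.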
