On 04/07/2015 12:24 PM, floregs3 wrote:
> now I successfully connect my PC across another one to my Internet Router
> and the Internet with iptables.
> I created Firewall rules with my SLES GUI, and remove the rules in the
> same way.
> Now on the command line with the command "iptables -L -v --line-numbers"
> they are already there.
The SUSE firewall (SuSEfirewall2) is basically a bunch of nice UIs and
configuration logic around NetFilter, which is the Linux firewall
technology controlled by iptables. Configuring SuSEfirewall2 means you are
configuring the system firewall permanently, so that settings survive
across reboots. Because SuSEfirewall2 uses NetFilter, you can modify
rules on the fly with iptables and related commands, but those changes are
NOT persistent across reboots unless you make them another way using the
UIs or configuration files (/etc/sysconfig/SuSEfirewall2) available for
that purpose.
> If I disable my IPv4 forwarding, or my Bridge between my Network Cards,
> the rules disappear. But if I enable the Forwarding or build my Bridge
> again they come back.
I’m guessing that the rules are set up specifically for devices that go
away or come back, and so they’re always there, but just not displayed
because the relevant devices (br0, etc.) are not present. This is
probably a Linux NetFilter thing, but I’m just guessing. The other option
is that the rules you are seeing going and coming are default rules that
the system always sets up for devices, which may be the case too.
> The removing with the iptables -D option doesn’t survive a restart.
True, see first response paragraph above.
> But all rules I created now, I can remove with the -D option. How can I
> do it for the "GUI" rules?
> My second question is, how can I learn which rules are default after a
> new SLES installation?
> Or are there any?
By default the SLES firewall blocks everything UDP/TCP inbound which is
unsolicited, and allows everything outbound; it also responds to ICMP echo
requests (ping) by default. Other things like forwarding/masquerading are
disabled by default, I believe.
> Can I remove all rules without making my system stop working? No other
> important services are on the PC.
If you remove all rules then the system is like any other system with all
rules removed in that it follows the “policy” (default for each table)
which is something you can see via iptables commands and is probably to
block all inbound (as defined above) and allow all outbound.
–
Good luck.
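To make the "policy" point in the reply above concrete, here is an added example that is not part of the original thread: a small POSIX shell script that reads a ruleset in iptables-save format and reports, per built-in chain, the policy that remains once every rule is deleted, lists the rules bound to a particular interface such as br0, and counts the rules present. The ruleset embedded in it is constructed for the example, not captured from a real SLES box; on a live system you would pipe `iptables-save` into the same functions. The /etc/sysconfig/SuSEfirewall2 variable names in the comments (FW_DEV_EXT, FW_ROUTE, FW_MASQUERADE) are assumed from memory and are not taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the original thread: summarise a netfilter
# ruleset in iptables-save format. On a live SLES system you would run
#   iptables-save | chain_policies
# instead of feeding in the constructed sample below.

# Constructed sample in iptables-save format: a box with IPv4 forwarding,
# masquerading on eth0 and a bridge interface br0 (not a real capture).
SAMPLE_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT'

# Print "table chain policy" for every built-in chain. The policy is what
# the kernel applies once every rule in that chain has been removed with
# iptables -F or iptables -D, which is the "policy" the reply refers to.
chain_policies() {
    awk '
        /^\*/ { table = substr($0, 2) }
        /^:/  { chain = substr($1, 2); print table, chain, $2 }
    '
}

# Print the rules that match on a given interface (-i or -o). Such rules
# are only meaningful while that device exists, so check here first when
# rules appear to vanish with a bridge or a forwarding toggle.
rules_for_interface() {
    awk -v dev="$1" '
        /^\*/ { table = substr($0, 2) }
        /^-A/ {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == dev) {
                    print table ": " $0
                    break
                }
        }
    '
}

# Count the -A rules across all tables; a flushed box reports 0 and then
# runs purely on the chain policies printed above.
rule_count() {
    awk '/^-A/ { n++ } END { print n + 0 }'
}

# Persistent changes belong in /etc/sysconfig/SuSEfirewall2, as the reply
# says. The variable names here (FW_DEV_EXT, FW_ROUTE, FW_MASQUERADE) are
# assumed from memory; confirm them against the comments in that file.
#   grep -E '^(FW_DEV_EXT|FW_ROUTE|FW_MASQUERADE)=' /etc/sysconfig/SuSEfirewall2

printf '%s\n' "$SAMPLE_RULESET" | chain_policies
printf '%s\n' "$SAMPLE_RULESET" | rules_for_interface br0
printf '%s\n' "$SAMPLE_RULESET" | rule_count
```

Run it once against the sample, then against `iptables-save` on the box in question; a chain whose policy prints as DROP keeps blocking unsolicited traffic even after `iptables -F`, while the interface listing shows which rules only exist for as long as br0 does.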