Using iptables in "manual" mode

newhere · 12 September 2020 12:47

The GUI for gufw does not provide the options I need to setup iptables the way I want. What is the preferred way to run iptables without having any “easy configuration tool”?
One of the things I notice is that iptables is installed (by default), but I can’t find any iptables service. However, when I insert rules using the iptables command, the system responds well to the command.
When running iptables -L it lists a huge number of chains and rules jumping between them. I’d like to start empty, having my own rules and chains only.

Whats the preferred way there?

newhere · 12 September 2020 14:03

I must have been blind. The iptables service is there. Don’t know why I didn’t see it before.
So I guess, I’ll just do:

systemctl disable ufw.service 
systemctl mask ufw.service 
systemctl start iptables.service

then do whatever iptables commands I want and save to /etc/iptables/iptables.rules

xabbu · 12 September 2020 14:06

The default iptables packages provides 2 systemd servies. For IPv4 iptables.service and for IPv6 ip6tables.service

These are very simple services, that load the ruls form /etc/iptables/iptables.rules and /etc/iptables/ip6tables.rules

If you enables ufw for example it will also add a lot of rules, it has many defaults, not only user rules. You would need to disable or remove the package.

newhere · 12 September 2020 14:11

Thanks. Guess it’s a good idea to do some basic ipv6 drop as well.

system · 15 September 2020 14:11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.