maiotarget.blogg.se

Restart iptables

PLUGINS=/usr/share/netfilter-persistent/plugins.d

Then check the /usr/sbin/netfilter-persistent script, notice it invokes external scripts:

$ cat /usr/sbin/netfilter-persistent

log_action_begin_msg "Saving netfilter rules"

Here is how I figured that out:

$ cat /etc/init.d/netfilter-persistent

TLDR: install iptables-persistent and check that the plugin directory /usr/share/netfilter-persistent/plugins.d contains plugins.

Hence, the plugin directory called by service netfilter-persistent is empty, and service prints out that the ruleset was saved, whereas it was not.


However, is right: calling the save action of service netfilter-persistent is better.

As of today (in 18.10), iptables-save is builtin, but iptables-persistent is not installed.

There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match.

As explained by you can save your rule set by yourself in the proper directory (namely: /etc/iptables/rules.v).

If you want to delete a rule, use the -D switch; the man page describes two forms of this:

Delete one or more rules from the selected chain.

It's easier and faster to do, and less error prone.

When checking stuff like this (your iptables -L output), I would feed it through grep "string unique to this rule" rather than use your eyes.

It may effectively supersede any number of other rules, but those rules still exist.

DROP means to drop the packet on the floor.

the special values ACCEPT, DROP, QUEUE or RETURN.

$ sudo iptables -L //shows rule has been deleted


DROP //command successfully drops the rule














