Udgivet den

Persistent Iptables on Raspberry Pi

Step 1: Install iptables-persistent package with apt-get command.

# apt-get install iptables-persistent

On the menu, select Yes on the rule.v4 file. The second choice is about rule.v6 and IPv6 support, choose based on your needs.

Step 2: After the installation is done, go to:

[Replace vim with your favourite editor]

# vim /etc/iptables/rules.v4

Now you can see the existing iptables configuration, in my case since no rules are setup yet, it is completely empty:

# Generated by iptables-save v1.4.14 on Fri Dec 26 20:13:04 2014

*filter

:INPUT ACCEPT [5897:7430402]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [1767:169364]

COMMIT

# Completed on Fri Dec 26 20:13:04 2014

Now you can start building your iptables on this file, one per line, just before the COMMIT command. Once you are done, save the file.

I would suggest to add at least the following rule, in order to validate our concept.

-A INPUT -p icmp -m icmp –icmp-type 8 -j REJECT

The above rule will filter inbound ICMP type 8 traffic and will respond with a
Destination port unreachable message and will take effect after you have rebooted the Pi.

Step 3: Feel free to do a ping to the device, it should respond normally. Now reboot the device.

# reboot

After the device is back on, do a ping request again. This time you should get the “Destination port unreachable” message. The iptables have loaded successfully, congratulations. Now, issue:

# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

REJECT icmp – anywhere anywhere icmp echo-request reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Our rule is on the third line. Now feel free to add the rest of the rules per Step 2.

Extra tip: In case you prefer adding the rules straight to iptables and not to the file, the following command may be useful:

# /etc/init.d/iptables-persistent save

This command takes the current configuration of your iptables and saves it to the rules.v4 file.