How to persist iptables configuration on Amazon EC2 VPC NAT Ami?
Solution 1
Debian (and derivatives) use the iptables-persistent package for this task. Define your rules in /etc/iptables/rules.4 and/or /etc/iptables/rules.6 and activate the service (using update-rc.d, chkconfig or your tool of choice).
On RHEL and derivatives, the startup script /etc/init.d/iptables reads /etc/sysconfig/iptables, so you need to define your rules there, and ensure that the iptables service is activated (chkconfig iptables on) and started (service iptables start).
Solution 2
service iptables save
or
/etc/init.d/iptables save
Comments
-
d0x over 1 year
I have a small script like this to configure the iptables:
#!/bin/bash
# DNAT a public port on the NAT instance to a private node (nat table)
PRE_STR="iptables -t nat -A PREROUTING -p tcp -j DNAT"
# ...and let the forwarded traffic through the filter table
FOR_STR="iptables -A FORWARD -p tcp -j ACCEPT"
#####################################
# instances
CM="10.0.1.137"
MASTER="10.0.1.149"
MYSQL="10.0.1.83"
REPORTING="10.0.1.85"
#####################################
# Clear iptables
iptables -F
iptables -t nat -F
#####################################
# Forward to enable Internet on private nodes
iptables -t nat -A POSTROUTING -j MASQUERADE
#####################################
# Port forwarding: forward <public port> <private ip> <private port>
forward() {
    $PRE_STR --dport "$1" --to "$2:$3"
    $FOR_STR --dport "$3" -d "$2"
}
#       from   to ip    to port
forward 3222   "$CM"     22
forward 7183   "$CM"     7183
forward 7180   "$CM"     7180
forward 3122   "$MASTER" 22
forward 8888   "$MASTER" 8888
forward 11000  "$MASTER" 11000
forward 2122   "$MYSQL"  22
forward 13306  "$MYSQL"  3306
# Persist the resulting ruleset
iptables-save > /etc/firewall.conf
The question is, how to load /etc/firewall.conf with the current iptables settings on the next startup? On a normal Debian machine I would put a script that fires iptables-restore < /etc/firewall.conf into the folder /etc/network/if-up.d/iptables. But this isn't available in this image. So what is the correct way to load this /etc/firewall.conf?
AMI ID: ami-1de2d969
Update:
Is it ok to fire iptables-restore < /etc/firewall.conf in /etc/rc.local?
Source: http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/
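Added here as an example; it is not code from the question or from either answer. It ties the two together: gen_rules writes the forwards from the question's script out in iptables-save format, which is the format that both /etc/sysconfig/iptables (read by the RHEL init script in Solution 1) and iptables-persistent's rules file hold, and restore_rules validates a saved file with iptables-restore --test before committing it, the check you would want in front of iptables-restore in /etc/rc.local. The private subnet 10.0.1.0/24, the default-DROP FORWARD policy and the restriction of MASQUERADE to that subnet are assumptions of this example, not part of the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answers. It writes a rule
# set in iptables-save format, the format that both /etc/sysconfig/iptables
# (RHEL init script) and /etc/iptables/rules.v4 (iptables-persistent) hold,
# and validates a saved file before loading it at boot.
# Addresses and ports come from the script in the question. ASSUMED: the
# private subnet is 10.0.1.0/24 and the instance has a single interface.

PRIVATE_NET="10.0.1.0/24"   # assumed VPC private subnet behind the NAT instance

# Port forwards: <public port> <private IP> <private port> (from the question)
FORWARDS='
3222  10.0.1.137 22
7183  10.0.1.137 7183
7180  10.0.1.137 7180
3122  10.0.1.149 22
8888  10.0.1.149 8888
11000 10.0.1.149 11000
2122  10.0.1.83  22
13306 10.0.1.83  3306
'

# gen_rules: print the full ruleset in iptables-save format on stdout.
# Unlike the question's script, FORWARD defaults to DROP and MASQUERADE is
# limited to the private subnet; only the listed ports are reachable inside.
gen_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "$FORWARDS" | while read -r pub ip port; do
        [ -n "$pub" ] || continue
        echo "-A PREROUTING -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
    done
    echo "-A POSTROUTING -s $PRIVATE_NET -j MASQUERADE"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # replies to connections already allowed in either direction
    echo '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
    # private nodes may reach the Internet through the NAT instance
    echo "-A FORWARD -s $PRIVATE_NET -j ACCEPT"
    echo "$FORWARDS" | while read -r pub ip port; do
        [ -n "$pub" ] || continue
        echo "-A FORWARD -p tcp -d $ip --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# restore_rules <file>: parse-check a saved ruleset (iptables-restore --test)
# before committing it, so a corrupt file at boot leaves the running rules
# untouched instead of half-applied. Returns 1 if unreadable, 2 if invalid.
# The restore command is a variable so the function can be exercised without
# root or iptables present.
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"
restore_rules() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "restore_rules: cannot read $file" >&2
        return 1
    fi
    if ! "$IPTABLES_RESTORE" --test < "$file"; then
        echo "restore_rules: $file failed validation, rules NOT loaded" >&2
        return 2
    fi
    "$IPTABLES_RESTORE" < "$file"
}

# Typical use (as root): write the file once, then call restore_rules from
# /etc/rc.local at boot, or write the same output to /etc/sysconfig/iptables
# and let the RHEL init script load it ('chkconfig iptables on').
#   gen_rules > /etc/firewall.conf
#   restore_rules /etc/firewall.conf
```

Because the generated file is in the same format iptables-save produces, the RHEL path (Solution 1) and the rc.local path (the update in the question) load it the same way; the --test pass is what keeps a typo in the file from leaving the NAT instance with a half-loaded ruleset at boot.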
-
Dirk Groeneveld almost 10 years
This question comes up first for a Google query for "Amazon Linux AMI persist iptables", and it has two good answers that tell me exactly what I need to know. The question that this is a duplicate of has neither. Can we un-dupe this one?
-
d0x almost 11 years
Ty for this tip. Do you know how to do it with Red Hat derivatives as well? This Amazon VPC image is based on Red Hat.
-
Sam Vloeberghs over 10 years
Did the trick on my EC2 instance!
-
Ring over 8 years
Says unrecognized service on my AWS AMI.
-
Ryan Shillington almost 8 years
Where does it save it to?
-
Kevin almost 8 years
If memory serves, /etc/sysconfig/iptables.