There was a port I wanted to protect with some firewall rules on my mythtv box.
I began to wonder – as Ubuntu often causes me to – what is the RIGHT way to do this? With Slackware I would just add some iptables rules to a script and add it to rc.local – but this seems a bit too primitive for Ubuntu, where there are complex systems abstracting every startup task!
Quick research showed that for using an Ubuntu box as a firewall for other machines, Shorewall was the ticket – but I wanted something simpler. I learned Ubuntu has ufw for this – but I was still not impressed.
After remembering something a coworker showed me, I searched further and found the Slicehost initial setup howto for Gutsy Gibbon. Under iptables they have a perfectly simple system.
Add this to /etc/network/interfaces in the "lo" interface stanza, after the line
"iface lo inet loopback"
    pre-up iptables-restore < /etc/iptables.up.rules
Then populate iptables.up.rules with the iptables-save command after creating some rules with iptables -A:
    iptables-save > /etc/iptables.up.rules
Once you have saved a few rules you might be able to modify this file manually - it is similar to the options of the iptables command but less forgiving. Test with
    iptables-restore < /etc/iptables.up.rules
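As an added example (not from the original post or the Slicehost howto), here is a small shell script that writes an iptables.up.rules file in the iptables-save format for the "protect one port" case and sanity-checks the file's structure before it is handed to iptables-restore. The port (6544), trusted subnet (192.168.1.0/24) and output path are constructed values, not taken from the post.

```shell
#!/bin/sh
# Added example: build an iptables-save style ruleset that restricts one TCP
# port to a trusted subnet, then check the file has the shape iptables-restore
# expects. Port, subnet and file path below are constructed assumptions.

# write_rules FILE PORT SUBNET -> writes the ruleset to FILE
write_rules() {
  file=$1; port=$2; subnet=$3
  cat > "$file" <<EOF
# constructed ruleset: only $subnet may reach tcp/$port, everything else as before
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $port -s $subnet -j ACCEPT
-A INPUT -p tcp --dport $port -j DROP
COMMIT
EOF
}

# check_rules FILE -> 0 when the file has a *filter header, a COMMIT, and every
# -A line appends to a chain that was declared with a ":CHAIN POLICY" line.
# iptables-restore is stricter than this; run "iptables-restore --test < FILE"
# as root for the authoritative parse without applying anything.
check_rules() {
  file=$1
  grep -q '^\*filter$' "$file" || { echo "missing *filter header"; return 1; }
  grep -q '^COMMIT$' "$file" || { echo "missing COMMIT"; return 1; }
  for chain in $(sed -n 's/^-A \([A-Za-z0-9_-]*\) .*/\1/p' "$file" | sort -u); do
    grep -q "^:$chain " "$file" || { echo "undeclared chain: $chain"; return 1; }
  done
  return 0
}

# usage: write_rules /tmp/iptables.up.rules 6544 192.168.1.0/24 && check_rules /tmp/iptables.up.rules
```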