1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iptables changes: are they permanent?

Discussion in 'Tomato Firmware' started by sholdowa, May 14, 2009.

  1. sholdowa

    sholdowa Addicted to LI Member

    I'm running tomato 1.23 with openvpn on a WRT54GL, and need to add some iptables rules to manage the vpn access. In order to be absolutely sure I've got it right, I've added extra lines to /etc/iptables.

    Can anyone tell me whether these are permanent - ie will survive over a reboot - or whether they need storing somewhere else as well?

    Many thanks,

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Actually, adding entries to /etc/iptables doesn't even make them take effect during this boot.

    You can add rules temporarily by using the /usr/sbin/iptables executable. To make them persistent, however, you need to add entries to the firewall script in the web gui (Administration->Scripts). These need to be lines that call the iptables executable (eg, iptables -I INPUT -p tcp --dport 8080 -j ACCEPT).
  3. fyellin

    fyellin LI Guru Member

    Nothing in tomato and ROM and NVRAM survive a reboot. The system recreates itself, including its file system, ever time it restarts.

    **** EDITED ****

    Looking at the code a little bit more. /etc/iptables is regenerated each time the firewall comes up. So changes to this file are even more transient than a reboot.
  4. sholdowa

    sholdowa Addicted to LI Member

    got it..

    Right, that's in place now. Learning my way round the GUI is a slow business at my age!

    Thanks for the pointers.

Share This Page