iptables changes: are they permanent?

Discussion in 'Tomato Firmware' started by sholdowa, May 14, 2009.

  1. sholdowa

    sholdowa Addicted to LI Member

    I'm running tomato 1.23 with openvpn on a wrt54gl, and need to add some iptables rules to manage the vpn access. In order to be absolutely sure I've got it right, I've added extra lines to /etc/iptables.

    Can anyone tell me whether these are permanent - ie will survive over a reboot - or whether they need storing somewhere else as well?

    Many thanks,

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Actually, adding entries to /etc/iptables doesn't even make them take effect during this boot.

    You can add rules temporarily by using the /usr/sbin/iptables executable. To make them persistent, however, you need to add entries to the firewall script in the web gui (Administration->Scripts). These need to be lines that call the iptables executable (eg, iptables -I INPUT -p tcp --dport 8080 -j ACCEPT).
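
As an added illustration (not part of the original posts): a small POSIX shell helper that turns lines written in iptables-restore syntax, assumed here to be the form of the lines added to /etc/iptables, into the `iptables` command lines the Firewall script expects. The function names and every sample rule except the port-8080 one are constructed for the example.

```shell
#!/bin/sh
# Added example: convert iptables-restore style lines (stdin) into
# "iptables ..." commands suitable for Administration->Scripts->Firewall.
# Assumption: the input uses iptables-restore / iptables-save syntax.
restore_to_commands() (
    table=filter                      # iptables' default table
    while IFS= read -r line; do
        # Drop an iptables-save -c counter prefix such as "[0:0] ".
        case "$line" in
            '['*'] '*) line=${line#*\] } ;;
        esac
        case "$line" in
            ''|'#'*|COMMIT) ;;        # blank, comment, end of table
            '*'*) table=${line#\*} ;; # "*nat" selects the table
            :*) ;;                    # chain/policy lines: left to the firmware
            '-A '*|'-I '*)
                # Rule text is passed through unchanged, so any quoting
                # (e.g. a --log-prefix string) survives the conversion.
                printf 'iptables -t %s %s\n' "$table" "$line" ;;
            *)  printf 'skipped (not a rule): %s\n' "$line" >&2 ;;
        esac
    done
)

# Constructed sample input; only the port-8080 rule comes from the thread.
sample_rules() {
    cat <<'EOF'
# constructed sample
*filter
:INPUT DROP [0:0]
-I INPUT -p tcp --dport 8080 -j ACCEPT
[0:0] -A FORWARD -i tun0 -o br0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
EOF
}

sample_rules | restore_to_commands
```

Rules emitted with `-A` are appended after whatever the firmware has already loaded into that chain, so check their position with `iptables -L -n --line-numbers` before relying on them.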
  3. fyellin

    fyellin LI Guru Member

    Nothing in tomato and ROM and NVRAM survive a reboot. The system recreates itself, including its file system, every time it restarts.

    **** EDITED ****

    Looking at the code a little bit more. /etc/iptables is regenerated each time the firewall comes up. So changes to this file are even more transient than a reboot.
  4. sholdowa

    sholdowa Addicted to LI Member

    got it..

    Right, that's in place now. Learning my way round the GUI is a slow business at my age!

    Thanks for the pointers.