Permanent local firewall configuration

Oct 10, 2023
Hi
To avoid losing emails during patches and upgrades, we usually closed the SMTP ports via the local firewall in the past on other Linux mail relays. Now I'm missing the functionality of iptables-save / iptables-restore on the PMG. Even after installing the mentioned packages and saving the firewall configuration, we have an unconfigured firewall after the reboot. I think the scripts to restore the saved firewall configuration during the restart process are missing.
Is there anyone who can help? Any other ideas?
Wolf
 
see: https://wiki.debian.org/iptables

but if you're looking into this topic anyway - I'd recommend getting familiar with nftables (a modern implementation of a packet filter in the Linux kernel with a nicer syntax for rules)

I hope this helps!
 
Thanks for this hint.
However, using the new nftables tool will not cover my problem of making the firewall rules persistent and reboot resistant. But I found a slightly different filesystem path for iptables-save at your link above. I'll give it a try and send feedback.

Best regards
Wolf
 
> However, using the new nftables tool will not cover my problem to get the firewall rule persistent and reboot resistant.

It should simply enable the rules if you put them in /etc/nftables.conf - see `systemctl cat nftables.service`?
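
The persistence route from the last reply, written out as an added example that is not part of the thread or of any Proxmox tooling: a script that renders a maintenance ruleset for `/etc/nftables.conf` and enables `nftables.service` so the ruleset is loaded again at boot. Ports 25 and 26, the table name `smtp_maintenance` and the `--install` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed: ports 25/26, table name smtp_maintenance, --install switch.

# Accept only plain decimal port numbers so nothing else can reach the ruleset.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an nftables ruleset that refuses new SMTP connections on the given ports.
render_ruleset() {
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    ports=$(printf '%s, ' "$@")
    ports=${ports%, }
    cat <<EOF
#!/usr/sbin/nft -f
# Declare-then-delete keeps reloads idempotent without flushing other tables.
table inet smtp_maintenance
delete table inet smtp_maintenance
table inet smtp_maintenance {
    chain input {
        type filter hook input priority 0; policy accept;
        # Sessions already in progress may finish.
        ct state established,related accept
        # New sessions are refused at once, so sending MTAs queue and retry.
        tcp dport { $ports } reject with tcp reset
    }
}
EOF
}

# Run as root: sh script.sh --install 25 26
# This replaces /etc/nftables.conf, so merge by hand if that file already has rules.
if [ "${1:-}" = "--install" ]; then
    shift
    render_ruleset "$@" > /etc/nftables.conf.new &&
        nft -c -f /etc/nftables.conf.new &&      # syntax check, nothing applied yet
        mv /etc/nftables.conf.new /etc/nftables.conf &&
        nft -f /etc/nftables.conf &&             # apply now
        systemctl enable nftables.service        # and load it at every boot
fi
```

To reopen the ports after the upgrade, remove the table with `nft delete table inet smtp_maintenance` and take it out of `/etc/nftables.conf`, otherwise the block returns at the next reboot.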