iptables-persistent

include/init_Debian.sh

@@ -90,15 +90,16 @@ ntpdate pool.ntp.org
 
 # iptables
 if [ "${iptables_yn}" == 'y' ]; then
-  if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
+  if [ -e "/etc/iptables/rules.v4" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables/rules.v4)" ]; then
     IPTABLES_STATUS=yes
   else
     IPTABLES_STATUS=no
   fi
 
   if [ "${IPTABLES_STATUS}" == "no" ]; then
-    [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
-    cat > /etc/iptables.up.rules << EOF
+    apt-get -y --force-yes install iptables-persistent &&
+    [ -e "/etc/iptables/rules.v4" ] && /bin/mv /etc/iptables/rules.v4{,_bk}
+    cat > /etc/iptables/rules.v4 << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
 *filter
@@ -116,14 +117,9 @@ COMMIT
 EOF
   fi
 
-  FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables.up.rules)
-  [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables.up.rules
-  iptables-restore < /etc/iptables.up.rules
-  cat > /etc/network/if-pre-up.d/iptables << EOF
-#!/bin/bash
-/sbin/iptables-restore < /etc/iptables.up.rules
-EOF
-  chmod +x /etc/network/if-pre-up.d/iptables
+  FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables/rules.v4)
+  [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables/rules.v4
+  iptables-save < /etc/iptables/rules.v4
 fi
 service rsyslog restart
 service ssh restart