On Fri, 14 Feb 2025 12:02:39 +0000
fraser via Dng <dng@???> wrote:
> Hello list,
>
> Can anyone tell me how I can 'restore' (as in iptables-restore <
> /etc/iptables/rules.v4) an iptables ruleset without iptables-restore?
> The package seems to be missing from the repos.
>
> ~$apt-cache policy iptables*
> N: Unable to locate package iptables.sh
> N: Couldn't find any package by glob 'iptables.sh'
> N: Couldn't find any package by regex 'iptables.sh'
>
> ~$apt-cache policy iptables-*
> iptables-netflow-dkms:
> Installed: (none)
> Candidate: 2.6-4
> Version table:
> 2.6-4 500
> 500 http://deb.devuan.org/merged daedalus/main amd64 Packages
> iptables-nftables-compat:
> Installed: (none)
> Candidate: (none)
> Version table:
> iptables-persistent:
> Installed: 1.0.20
> Candidate: 1.0.20
> Version table:
> *** 1.0.20 500
> 500 http://deb.devuan.org/merged daedalus/main amd64 Packages
> 100 /var/lib/dpkg/status
>
> ~$apt-cache policy *-restore
> N: Unable to locate package *-restore
> N: Couldn't find any package by glob '*-restore'
> E: Regex compilation error - Invalid preceding regular expression
> N: Couldn't find any package by regex '*-restore'
>
> ~$apt-cache policy nft*
> nftlb:
> Installed: (none)
> Candidate: 1.0.7-1
> Version table:
> 1.0.7-1 500
> 500 http://deb.devuan.org/merged daedalus/main amd64 Packages
> nftables:
> Installed: (none)
> Candidate: 1.0.6-2+deb12u2
> Version table:
> 1.0.6-2+deb12u2 500
> 500 http://deb.devuan.org/merged daedalus/main amd64 Packages
>
> My principal use case is as a cronjob on a remote host: if a known,
> good ruleset is restored from backup every 5 minutes, I am able to edit
> any experimental ruleset safe in the knowledge that should I shut myself
> out, it will only be for a few minutes. This seems to me to be an
> important facility, and I assume that the 'restore' function must be
> located elsewhere, but I cannot find it by googling.
>
> How do other people edit their firewall on a remote host?
>
> Many thanks
>
>
dpkg -L iptables
/.
/usr
/usr/bin
/usr/lib
snip
/usr/sbin/arptables-nft
/usr/sbin/arptables-nft-restore
/usr/sbin/arptables-nft-save
/usr/sbin/ebtables-nft
/usr/sbin/ebtables-nft-restore
/usr/sbin/ebtables-nft-save
snip
/usr/sbin/iptables-legacy
/usr/sbin/iptables-legacy-restore
/usr/sbin/iptables-legacy-save
/usr/sbin/iptables-nft
/usr/sbin/iptables-nft-restore
/usr/sbin/iptables-nft-save
Ciao,
Tito
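
The cron safety net asked about above, using the restore binaries from the dpkg -L listing, as an added example that is not part of either message. SEARCH_DIRS, the generic iptables-restore name, the order in which the names are tried and the script path in the crontab comment are assumptions; RULES defaults to the path given in the question.

```shell
#!/bin/sh
# Added example: cron-safe restore of a known-good IPv4 ruleset.
# SEARCH_DIRS and the lookup order are assumptions; adjust to the host.
SEARCH_DIRS="${SEARCH_DIRS:-/usr/sbin /sbin}"
RULES="${RULES:-/etc/iptables/rules.v4}"

# Print the first executable restore binary found. The generic name is tried
# first (assumed to exist on some hosts), then the backend-specific names
# shown in the dpkg -L listing. Full paths are used because a cron job's
# PATH may not include the sbin directories.
find_restore_bin() {
    for dir in $SEARCH_DIRS; do
        for name in iptables-restore iptables-nft-restore iptables-legacy-restore; do
            if [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# Validate the saved ruleset with --test (parse only, no commit) before
# loading it, so a damaged backup never replaces the running rules.
# Return codes: 2 = file missing/empty, 3 = no binary, 4 = validation failed.
restore_known_good() {
    rules_file="$1"
    [ -s "$rules_file" ] || { echo "ruleset missing or empty: $rules_file" >&2; return 2; }
    restore_bin=$(find_restore_bin) || { echo "no restore binary in: $SEARCH_DIRS" >&2; return 3; }
    "$restore_bin" --test < "$rules_file" || { echo "ruleset failed validation" >&2; return 4; }
    "$restore_bin" < "$rules_file"
}

# Apply only when asked, e.g. from root's crontab (hypothetical script path):
#   */5 * * * * /usr/local/sbin/restore-fw.sh --apply
if [ "${1:-}" = "--apply" ]; then
    restore_known_good "$RULES"
fi
```

Remove the crontab entry once the experimental ruleset has been confirmed and saved as the new backup; otherwise the next run reverts it.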