Using an iptables Startup Script
For any rules you create to persist after you reboot your computer, they must be reapplied each time the computer starts. A startup script can do this for you. This file should be placed into your /etc/init.d directory and run automatically on startup. You can also start the service manually (assuming the service is called iptables) by typing:

ComputerName:~# /etc/init.d/iptables start

You can also restart or stop the service by replacing start in the line above with either restart or stop.

Startup Script Example
  • This script is a good base to start from and can be modified to your needs.
  • Make sure that the path to the iptables program within the script is valid.
  • Double-check the current location of your iptables install by typing: # whereis iptables at the command line.
  • When the service is started, all the old rules are flushed and the script first blocks all SSH and telnet calls to this machine.
  • We would recommend adding, before these reject rules, a set of accept rules on the SSH and telnet ports for a few selected sources that you could use to access your machine remotely in case of a problem.
  • The script then writes a final deny rule for all ports, allowing only pings to come through.
  • Before this rule is where you should place accept rules for all of your trusted sources, or open ports for the services on your machine that you want exposed. For example, if you wanted to run a web server that you needed to access from anywhere, you could add an accept rule on port 80 for all traffic before the final deny rule, allowing only web traffic into your server from the outside world.
  • Rules for this example can be found within the example startup script.
  • If you are on a small private network, you could also write a series of accept rules that allow only traffic from your network's range of IP addresses into your machine. The final deny rule would then stop all other traffic.
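The script the points above describe, written out as an added example (it is not the page's own example startup script): flush the old rules, accept SSH and telnet from a few selected sources, reject SSH and telnet from everyone else, accept the exposed service and the trusted network, then the final deny that lets only pings through. The admin host 192.0.2.10, the LAN range 192.0.2.0/24 and the IPT_DRY_RUN review switch are assumptions, and loopback and established-connection accepts are added so the final deny does not cut off return traffic for the machine's own connections.

```shell
#!/bin/sh
# Example iptables startup script (added illustration, not the page's own script).
# Install as /etc/init.d/iptables. ADMIN_HOST and LAN are placeholder values.
IPTABLES=${IPTABLES:-/sbin/iptables}   # confirm the path with: whereis iptables
ADMIN_HOST=${ADMIN_HOST:-192.0.2.10}   # selected source allowed to reach SSH/telnet
LAN=${LAN:-192.0.2.0/24}               # private network range to trust

# ipt runs iptables, or only prints the command when IPT_DRY_RUN is set,
# so the rule order can be reviewed before it is applied for real.
ipt() {
  if [ -n "${IPT_DRY_RUN:-}" ]; then
    echo "$IPTABLES $*"
  else
    "$IPTABLES" "$@"
  fi
}

# flush_rules removes all old rules so the script starts from a clean table.
flush_rules() {
  ipt -F
  ipt -X
  ipt -P INPUT ACCEPT
}

# apply_rules builds the INPUT chain in the order described above.
apply_rules() {
  flush_rules
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # accept rules for selected sources go BEFORE the SSH/telnet rejects
  ipt -A INPUT -p tcp -s "$ADMIN_HOST" --dport 22 -j ACCEPT
  ipt -A INPUT -p tcp -s "$ADMIN_HOST" --dport 23 -j ACCEPT
  # block all other SSH and telnet calls to this machine
  ipt -A INPUT -p tcp --dport 22 -j REJECT
  ipt -A INPUT -p tcp --dport 23 -j REJECT
  # accept rules for exposed services and trusted sources go here
  ipt -A INPUT -p tcp --dport 80 -j ACCEPT   # web server reachable from anywhere
  ipt -A INPUT -s "$LAN" -j ACCEPT           # everything from the private network
  # final deny rule for all other traffic, letting only pings through
  ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  ipt -A INPUT -j DROP
}

case "${1:-}" in
  start|restart) apply_rules ;;
  stop)          flush_rules ;;
  "")            ;;   # no action given (e.g. when sourced): only define functions
  *) echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

With IPT_DRY_RUN=1 set, /etc/init.d/iptables start prints the rules instead of applying them, so the order can be checked before the script is installed.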