Authored Comments
Hello, interesting article!
Two minor things, though:
1- cron can actually run commands upon a reboot, you'd use a line like this:
@reboot /sbin/iptables-restore < /root/my.active.firewall.rules
Keep in mind that cron's PATH does not contain /sbin, /usr/sbin or /usr/local/sbin, so make sure to use the full path to iptables-restore.
2- I usually favor REJECT instead of DROP for iptables rules. The latter will drop packets, meaning you'll have to wait for a (looong) timeout, the former will give you an instant deny.
Cheers!
Yep, and so is kill, so I wouldn't promote those aliases.
Also, IMHO, aliases should be short: what's more efficient, typing 'process' or 'ps -aux'?
Both are 7 characters long, tab-completion notwithstanding :)