The iptables package is installed by default on the base system, but not
Two rulesets are already installed in the
$ ls /etc/iptables
... empty.rules simple_firewall.rules ...
You can take the simple_firewall.rules file as a basis, copy it, then modify
the copy according to your needs.
$ cd /etc/iptables
# cp simple_firewall.rules iptables.rules
# vi iptables.rules
iptables should not be activated as a runit service. The runit services start
in parallel, so the web service might start before the iptables rules are
Instead, add these lines to
/etc/rc.local to import the rules from
if [ -e /etc/iptables/iptables.rules ]; then
  iptables-restore /etc/iptables/iptables.rules
fi
Reboot, and check the active firewall rules:
# iptables -L
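A pre-flight check for the hand-edited iptables.rules before it is loaded from /etc/rc.local, as an added example that is not part of the original page: a table section that has lost its COMMIT line is not applied, so the file is checked before the restore runs. The function names check_ruleset, input_policy and load_ruleset are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Structural check of an iptables-restore file: every "*table" section must be
# closed by COMMIT, and no line may sit outside a section. Returns 0 if clean.
check_ruleset() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
        $1 ~ /^\*/ {                                # "*filter" opens a section
            if (t != "") { printf "line %d: %s has no COMMIT\n", NR, t; bad = 1 }
            t = $1; next
        }
        $1 == "COMMIT" {
            if (t == "") { printf "line %d: COMMIT outside a table\n", NR; bad = 1 }
            t = ""; next
        }
        t == "" { printf "line %d: line outside a table\n", NR; bad = 1 }
        END {
            if (t != "") { printf "end of file: %s has no COMMIT\n", t; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Print the default policy of the filter table INPUT chain (":INPUT DROP [0:0]").
input_policy() {
    awk '$1 ~ /^\*/ { t = $1 }
         $1 == "COMMIT" { t = "" }
         t == "*filter" && $1 == ":INPUT" { print $2; exit }' "$1"
}

# Load only if the file passes both the check above and the parser dry run
# (iptables-restore --test parses without committing). Needs root.
load_ruleset() {
    check_ruleset "$1" && iptables-restore --test "$1" && iptables-restore "$1"
}

# Constructed sample: a hand-edited ruleset whose final COMMIT was lost.
sample=$(mktemp)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' > "$sample"
check_ruleset "$sample" || echo "not loading: INPUT policy would have been $(input_policy "$sample")"
rm -f "$sample"
```

In /etc/rc.local, load_ruleset /etc/iptables/iptables.rules would take the place of the bare iptables-restore call.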
As described above, but work with