# firestarter / iptables and reboots

## MOS-FET

hello,

I've emerged firestarter + iptables. When I start firestarter and config everything like I want, it works perfectly. The firewall is up and running. But how the heck do I save the firewall rules and load them at boot? Currently, I've tried this:

1. start firestarter, config everything, start firewall
2. `/etc/init.d/iptables save` to save the firewall rules
3. `rc-update add iptables default`

This seems to work: when I reboot, iptables is started at boot. But when I then try to browse, it can't reach ANY sites, I'm just totally blocked! Am I doing the wrong thing? Where are the firewall rules saved? Thanks for your help!

----------

## MrPyro

The firewall rules are saved in /var/lib/iptables/rules-save, but the format of that file is a little incomprehensible, especially if you're used to a GUI like firestarter (iptables rules are horrible to read).

As far as I'm aware, the process you've used to save the rules is correct (in fact, I just suggested similar steps to somebody in a different forum).

----------

## MrPyro

Does anything get logged in /var/log/syslog when you try to access the outside world?

----------

## JBapt

Check your input policies... they must be in reject

```
iptables -L
```

----------

## MOS-FET

Hmm, as far as I know iptables saves the rules in /var/lib/iptables/rules-save when I do an `/etc/init.d/iptables save`. I've looked into this file, and it seems that iptables somehow also saves my current IP address. Could that be the reason? I mean, iptables is creating all rules specifically for my current IP address, and when I reboot, I have another IP addr and I can't get through the firewall anymore. I've now created the iptables rules with firehol, which works perfectly when I run "firehol start". Could I `rc-update add firehol`? There's no firehol script in /etc/init.d. Can I put a link there?

thanks

tom
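A way to check a saved ruleset for the address binding described above, as an added example in POSIX sh (not code from the thread, from firestarter or from the iptables init script); the sample dump, the function names and the address values are constructed, and the only assumption is that the file uses the iptables-save format that `/etc/init.d/iptables save` writes to /var/lib/iptables/rules-save:

```shell
#!/bin/sh
# Added example: find rules in an iptables-save dump that are tied to one
# host address. Such rules stop matching after a DHCP lease hands the box a
# different IP, which leaves only the DROP policies in effect after reboot.

# Constructed sample standing in for /var/lib/iptables/rules-save.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.168.1.37 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -s 192.168.1.37 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
COMMIT'

# Print every -A rule whose -s or -d is a single host (no prefix, or /32).
# Subnet matches such as 192.168.1.0/24 are left alone: they survive a
# new lease from the same network.
host_bound_rules() {
    printf '%s\n' "$1" | awk '
        /^-A / {
            for (i = 1; i <= NF; i++) {
                if (($i == "-s" || $i == "-d") && i < NF) {
                    addr = $(i + 1)
                    if (addr !~ /\// || addr ~ /\/32$/) { print; next }
                }
            }
        }'
}

# Number of host-bound rules; anything above 0 means the saved ruleset
# depends on the address the box had when "iptables save" ran.
count_host_bound_rules() {
    host_bound_rules "$1" | wc -l | tr -d ' '
}

# Rewrite the dump with the single-host -s/-d matches removed, so the rule
# applies to whatever address the interface gets. Review the result by hand
# before loading it: dropping the match widens what the rule accepts.
strip_host_address() {
    printf '%s\n' "$1" | sed -E 's/ -[sd] [0-9]+(\.[0-9]+){3}(\/32)? / /g'
}

if [ "${1:-}" = "--demo" ]; then
    echo "Rules bound to a single host address:"
    host_bound_rules "$SAMPLE_RULES"
    echo "Same dump without the host address:"
    strip_host_address "$SAMPLE_RULES"
fi
```

Run it with `--demo` to see the two flagged rules and the rewritten dump; to check a real file, pass `"$(cat /var/lib/iptables/rules-save)"` to `host_bound_rules` instead of the constructed sample.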

----------

## kyck-ling

Any solution to this? I have exactly the same problem...

----------

## TheWart

That is odd.

I use shorewall, and I am able to simply:

```
rc-update add shorewall default
```

----------

## d3c3it

*MrPyro wrote:*

> Does anything get logged in /var/log/syslog when you try to access the outside world?

For some reason firestarter says syslog doesn't exist?

----------

## SmokeX

Check the iptables policy using

```
iptables -L
```

To set the policy use

```
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
```

one for each chain.

Also try to "flush" the rules table if there's any rule that's blocking ya...

```
iptables -F OUTPUT
...
etc.
```

Generally I prefer to use my own ruleset and not some GUI's rules, and add the ruleset to rc-update.

Learn about iptables:

```
# man iptables
```

SmokeX.

----------

## d3c3it

*SmokeX wrote:*

> Check the iptables policy using
>
> ```
> iptables -L
> ...
> ```

The problem was this actually:

https://forums.gentoo.org/viewtopic.php?t=59506&highlight=firestarter

I was using a GUI firewall as it seemed to be easier? It's turned out not to be, seeing as the rules I made with it have stopped me from using rsync and any IMs. I'm going to try and make my own manually, I think.

----------

