I am trying to add a webserver to my desktop Fedora machine, and in order to do so I need the ports 80 and 443 to be open. I can achieve this by using iptables, and I saved my configuration to a file (/root/iptables_rules). When I reboot the computer, I can type iptables-restore < /root/iptables_rules to restore the previously set rules. However, when I put that command in /etc/rc.local it seems to have no effect. The permissions on
-rw-r--r--. (user root:root).
I have also tried putting the command in a systemd unit which runs after network, which also had no effect. Does anyone know what might be causing this/how I can fix it?
On systemd the rc-local service needs to be enabled:
sudo systemctl enable rc-local
Also the service file expects rc.local to be in:
Thanks. systemctl says:
The unit files have no installation config (WantedBy = etc. ). This means they are not meant to be enabled using systemctl.
Sorry I forgot, for some reason or another the package provided systemd unit file is missing the installation config. Easily fixed by creating a unit file in /etc/systemd/system, to prevent it being overwritten in future updates:
sudo systemctl enable rc-local should work.
Ok now I’m getting /root/iptables_rules : permission denied (from systemctl status). It works when I run rc.local as root from the command line.
Could try adding:
To the start of the service section, shouldn’t be required; unit file works here, only difference is the rules file path:
That still doesn’t work, but the systemctl start works when selinux is disabled
So restoring the iptables rules now works, with selinux disabled? This makes sense, disabled on the system here as it's running pihole.
Sorry selinux is beyond my knowledge.
Ok, thanks for your help so far
sudo dnf install iptables-services
sudo systemctl --now mask firewalld.service
sudoedit /etc/sysconfig/iptables /etc/sysconfig/ip6tables
sudo systemctl --now enable iptables.service ip6tables.service
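A check that can be run on a rules file before enabling iptables.service as in the steps above (an added example, not posted by anyone in the thread). The sample ruleset is constructed and the function names are hypothetical; the script only inspects text in iptables-save format and does not touch the live firewall.

```shell
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of the filter table's INPUT chain (rules on stdin).
input_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":INPUT" { print $2; exit }'
}

# Succeed if a filter-table INPUT rule accepts tcp with --dport PORT ($1).
# Limits: ignores multiport/ranges and earlier rules that could shadow it.
port_accepted() {
    awk -v port="$1" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            tcp = dport = accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Report the policy and the two web ports; non-zero if a port is missing.
audit_rules() {
    rules=$(cat); status=0
    echo "INPUT policy: $(printf '%s\n' "$rules" | input_policy)"
    for port in 80 443; do
        printf '%s\n' "$rules" | port_accepted "$port" && echo "tcp/$port accepted" ||
            { echo "tcp/$port NOT accepted"; status=1; }
    done
    return "$status"
}

sample_rules | audit_rules
```

On a real system the input would be the file edited in the steps above, for example `audit_rules < /etc/sysconfig/iptables` run as root. An INPUT policy of ACCEPT is only restrictive if the chain ends in a catch-all REJECT or DROP rule, which this check does not verify.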
Thank you, that worked! Is the firewall disabled now, and is that a problem?