firehol-iptables - include custom iptables commands
iptables argument…
ip6tables argument…
The iptables
and ip6tables
helper commands pass all of their arguments to the real iptables(8) or ip6tables(8) at the appropriate point during run-time.
Note
When used in an
interface
orrouter
, the result will not have a direct relationship to the enclosing definition as the parameters passed are only those you supply.
You should not use /sbin/iptables
or /sbin/ip6tables
directly in a FireHOL configuration as they will run before FireHOL activates its firewall. This means that the commands are applied to the previously running firewall, not the new firewall, and will be lost when the new firewall is activated.
The iptables
and ip6tables
helpers are provided to allow you to hook in commands safely.
When using the -t
option to specify a table, ensure this is the first option to iptables
, otherwise “fast activation” will fail with an error message such as:
iptables-restore: The -t option cannot be used in iptables-restore
Fix LXC DHCP on same host:
iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill