If it is of interest, I am posting here the configuration I set up in “/etc/sysconfig/firewall.local”.
I look forward to suggestions for any corrections and/or improvements to the code.
```sh
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
  start)
    ## add your 'start' rules here
    # Outbound HTTPS to the host: insert only if an identical rule is absent.
    # "iptables -C" exits 1 when the rule does not exist (its error message on
    # stderr is silenced here); any other exit code means the rule is present
    # or the check itself failed, and nothing is inserted.
    iptables -C HOSTILE_DROP -p tcp -d 69.42.215.252 --dport 443 -j ACCEPT 2>/dev/null
    if [ $? -eq 1 ]
    then
      iptables -I HOSTILE_DROP -p tcp -d 69.42.215.252 --dport 443 -j ACCEPT
    fi
    # Return traffic from the host, same check-before-insert pattern.
    iptables -C HOSTILE_DROP -p tcp -s 69.42.215.252 --sport 443 -j ACCEPT 2>/dev/null
    if [ $? -eq 1 ]
    then
      iptables -I HOSTILE_DROP -p tcp -s 69.42.215.252 --sport 443 -j ACCEPT
    fi
    ;;
  stop)
    ## add your 'stop' rules here
    # Remove the two rules again (one copy each per call).
    iptables -D HOSTILE_DROP -p tcp -d 69.42.215.252 --dport 443 -j ACCEPT
    iptables -D HOSTILE_DROP -p tcp -s 69.42.215.252 --sport 443 -j ACCEPT
    ;;
  reload)
    $0 stop
    $0 start
    ## add your 'reload' rules here
    ;;
  *)
    echo "Usage: $0 {start|stop|reload}"
    ;;
esac
```
Basically, I made sure to check whether the rule exists before inserting it. If the rule already exists, every time you run “start” from the terminal the rule would be replicated endlessly, creating confusion. With the “iptables -C” check before insertion, this should not happen.
I don’t know whether it is also important to do the check for the removal of the rule (stop/-D).
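As an added example (not the poster's script), here is the same file written around small helper functions: `ensure_rule` inserts only when `iptables -C` reports the rule absent, and `purge_rule` loops on `-D` so that `stop` also clears any duplicates an earlier, unchecked run may have left behind. The `IPT` variable, the helper names and their structure are my additions; the chain, host and port are the ones from the post.

```sh
#!/bin/sh
# Added example (not the original poster's script): idempotent helpers for
# /etc/sysconfig/firewall.local. IPT defaults to iptables and can be pointed
# at a stub for testing. The host and chain below are taken from the post.
IPT="${IPT:-iptables}"
HOST=69.42.215.252
CHAIN=HOSTILE_DROP

# rule_exists CHAIN RULESPEC... : 0 if an identical rule is already present.
# -C exits 1 when absent and prints an error; the error is silenced here.
rule_exists() {
    "$IPT" -C "$@" 2>/dev/null
}

# ensure_rule CHAIN RULESPEC... : insert only when absent, so 'start' can be
# run repeatedly without piling up duplicate rules.
ensure_rule() {
    if ! rule_exists "$@"; then
        "$IPT" -I "$@"
    fi
}

# purge_rule CHAIN RULESPEC... : -D removes one copy per call and fails when
# no copy is left, so loop while the rule still matches. This makes 'stop'
# safe even if an earlier, unchecked script version inserted duplicates.
purge_rule() {
    while rule_exists "$@"; do
        "$IPT" -D "$@"
    done
}

# Apply the callback ($1) to each rule for the allowed host, both directions.
for_each_rule() {
    "$1" "$CHAIN" -p tcp -d "$HOST" --dport 443 -j ACCEPT
    "$1" "$CHAIN" -p tcp -s "$HOST" --sport 443 -j ACCEPT
}

firewall_start() { for_each_rule ensure_rule; }
firewall_stop()  { for_each_rule purge_rule; }

case "$1" in
    start)  firewall_start ;;
    stop)   firewall_stop ;;
    reload) firewall_stop; firewall_start ;;
    *)      echo "Usage: $0 {start|stop|reload}" ;;
esac
```

Running `start` twice leaves exactly one copy of each rule, and `stop` keeps deleting until `iptables -C` no longer matches.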