Best practice to add custom IPtables?

Hello,

I have a set of iptables rules that I need to activate once, after all the other rules are set (and also after the VPN tunnel is up).

These rules forward the containers' requests towards the tunnel, and add some protection against DDoS attacks.

I'm not sure about the best practice: to regenerate a full list of rules with iptables-restore, or to just append/insert some rules with a script. And when? After a specific service? Maybe after a certain amount of time?

For me the best practice in YunoHost is to set up a hook triggered after YunoHost adds its iptables rules:

mkdir /etc/yunohost/hooks.d/post_iptable_rules
touch /etc/yunohost/hooks.d/post_iptable_rules/95-HOOKNAME

/etc/yunohost/hooks.d/post_iptable_rules/95-HOOKNAME

#!/bin/bash

# Put your rules here (below is an example).
# -w makes iptables wait for the xtables lock instead of failing if
# another process is holding it.
iptables -w -A vpnclient_in -p icmp -j ACCEPT

exit 0
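A fuller version of such a hook, added here as an example and not code from the thread, YunoHost or the vpnclient app. It covers the two things the question asks for (forwarding container traffic into the tunnel, and some flood protection) and makes every rule idempotent by checking with `iptables -C` before adding it, so the hook can run on every firewall reload without stacking duplicate rules. The interface names (`tun0`, `lxcbr0`), the container subnet, the `syn_limit` chain name and the rate limits are assumptions to adjust; `vpnclient_in` is simply the chain the answer's own example appends to.

```shell
#!/bin/bash
# /etc/yunohost/hooks.d/post_iptable_rules/95-vpn-forward
# Added example (not YunoHost's or the vpnclient app's own code).
# YunoHost runs every script in this directory after it has (re)applied its
# own firewall rules. Each rule below is checked with `iptables -C` before it
# is added, so the hook can run any number of times without duplicating rules.
set -eu

# Assumptions, adjust to your setup: interface and subnet names are not from
# the thread. vpnclient_in is the chain the post's example appends to.
TUN_IF="${TUN_IF:-tun0}"            # VPN tunnel interface
CT_IF="${CT_IF:-lxcbr0}"            # bridge the containers are attached to
CT_NET="${CT_NET:-10.0.3.0/24}"     # container subnet
IPTABLES="${IPTABLES:-iptables}"    # overridable for dry runs / tests

# ensure_rule TABLE CHAIN MATCH...: append the rule only if it is absent.
# `iptables -C` exits 0 when an identical rule already exists.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if ! "$IPTABLES" -w -t "$table" -C "$chain" "$@" 2>/dev/null; then
        "$IPTABLES" -w -t "$table" -A "$chain" "$@"
    fi
}

# insert_rule TABLE CHAIN MATCH...: same check, but put the rule first so it
# is evaluated before anything YunoHost appended (needed for DROP/limit rules).
insert_rule() {
    table="$1"; chain="$2"; shift 2
    if ! "$IPTABLES" -w -t "$table" -C "$chain" "$@" 2>/dev/null; then
        "$IPTABLES" -w -t "$table" -I "$chain" 1 "$@"
    fi
}

# ensure_chain TABLE CHAIN: create a user chain; -N fails harmlessly if it exists.
ensure_chain() {
    "$IPTABLES" -w -t "$1" -N "$2" 2>/dev/null || true
}

# The tun interface only exists once the VPN client has brought the tunnel up.
tunnel_is_up() {
    [ -d "/sys/class/net/$TUN_IF" ]
}

apply_rules() {
    if ! tunnel_is_up; then
        # Exit cleanly: the hook runs again on the next firewall reload, and
        # can also be called from the VPN client's "up" script.
        echo "$TUN_IF is not up yet, leaving custom rules for later" >&2
        return 0
    fi

    # 1. Route container traffic out through the tunnel (and only there).
    ensure_rule nat POSTROUTING -s "$CT_NET" -o "$TUN_IF" -j MASQUERADE
    ensure_rule filter FORWARD -i "$CT_IF" -o "$TUN_IF" -s "$CT_NET" -j ACCEPT
    ensure_rule filter FORWARD -i "$TUN_IF" -o "$CT_IF" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # 2. Cap the rate of new TCP connections arriving over the tunnel.
    #    A user chain keeps the limit/drop pair together; the hook into
    #    vpnclient_in is inserted first so it precedes any broad ACCEPT.
    ensure_chain filter syn_limit
    ensure_rule filter syn_limit -m limit --limit 25/second --limit-burst 50 -j RETURN
    ensure_rule filter syn_limit -j DROP
    insert_rule filter vpnclient_in -p tcp --syn -j syn_limit

    # 3. Answer pings over the tunnel, but not floods of them.
    ensure_rule filter vpnclient_in -p icmp --icmp-type echo-request \
        -m limit --limit 5/second --limit-burst 10 -j ACCEPT
    ensure_rule filter vpnclient_in -p icmp --icmp-type echo-request -j DROP
}

# Only touch the live firewall when running as root with a working iptables;
# otherwise the file just defines the functions above.
if [ "$(id -u)" -eq 0 ] && "$IPTABLES" -w -S >/dev/null 2>&1; then
    apply_rules
fi
```

Two caveats. The "after the tunnel is up" part is handled by bailing out harmlessly when the tun interface does not exist yet, so you can trigger the same script again once the VPN is connected (for example with `yunohost firewall reload`, which re-runs the hooks, or from the VPN client's up script). And `-m limit` on a single host is flood hygiene, not DDoS mitigation: it stops one noisy client from hammering the box, but it cannot help once the tunnel's bandwidth itself is saturated.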

I see a directory /etc/yunohost/hooks.d/post_iptable_rules, I guess I should put the hook there?

Indeed, I made a small mistake and edited my answer.