Save custom iptables entry to config database?

Joined
May 10, 2022
Messages
4
Hello, I have a TrueNAS SCALE installation (TrueNAS-SCALE-22.12-MASTER-20220902-034233, but this applies to other non-nightly builds as well) where I need some custom iptables entries in order to route network traffic locally instead of over the net. I use a pi-hole hairpin DNS entry in order to do this and have to do some port remapping. Here are the entries:

Code:
iptables -A PREROUTING -t nat -i eno1 -p tcp --dport 443 -j DNAT --to 192.168.1.2:9443
# a FORWARD rule needs a target; without -j ACCEPT it only counts matching packets
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 9443 -j ACCEPT


My question is how do I save these entries to the config database so they persist through a reboot? I checked the API documentation (Settings > API Keys > API Docs), and didn't find anything that looked like it would. Has anyone ever saved something like this?

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
The NAS does not support firewall rules. While it also does not prohibit you from adding them, the infrastructure to do this is your responsibility. Try a post-boot shell script.
Joined
May 10, 2022
Messages
4
To document how I resolved this:

I opened a shell as root and entered crontab -e. I selected the editor of my choice and edited my crontab file. I entered the two following entries:

Code:
@reboot /usr/sbin/iptables -A PREROUTING -t nat -i eno1 -p tcp --dport 443 -j DNAT --to 192.168.1.252:9443
# a FORWARD rule needs a target; without -j ACCEPT it only counts matching packets
@reboot /usr/sbin/iptables -A FORWARD -p tcp -d 192.168.1.252 --dport 9443 -j ACCEPT


I then rebooted my machine and used this command to see if my entries persisted, and they did:
iptables -S FORWARD

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
That probably won't survive an upgrade and definitely won't survive a reinstall. You really do need to use the post-boot shell script functionality offered by the NAS. Most of the things you know from Linux or FreeBSD are "wrong" in the NAS environment.
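One way to do what jgreco suggests, as an added example that is not from this thread or from iXsystems: a post-init script that re-creates the two rules on every boot and skips any rule that already exists, so a second trigger or a manual re-run does not append duplicates. The interface eno1 and the 192.168.1.252 addresses are the thread's; the IPT variable, the `apply` argument and the path /root/hairpin-rules.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent hairpin NAT rules for TrueNAS SCALE.
# Register it under System Settings > Advanced > Init/Shutdown Scripts as a
# Post Init entry of type Command:  /root/hairpin-rules.sh apply
# IPT may be overridden (e.g. with a stub) to exercise the logic without root.
IPT="${IPT:-/usr/sbin/iptables}"

# ensure_rule TABLE CHAIN MATCH...: append the rule only if it is not already
# present. iptables -C returns 0 when an identical rule exists in the chain.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        echo "present: $table $chain $*"
        return 0
    fi
    "$IPT" -t "$table" -A "$chain" "$@" && echo "added: $table $chain $*"
}

# The two rules from the thread. The FORWARD rule carries an explicit -j ACCEPT;
# a rule with no target only counts packets and allows nothing.
apply_rules() {
    ensure_rule nat PREROUTING -i eno1 -p tcp --dport 443 \
        -j DNAT --to-destination 192.168.1.252:9443
    ensure_rule filter FORWARD -p tcp -d 192.168.1.252 --dport 9443 -j ACCEPT
}

# Only touch the firewall when invoked with "apply"; sourcing the file is a no-op.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Running `iptables -t nat -S PREROUTING` and `iptables -S FORWARD` after a reboot should show each rule exactly once, however many times the script has run.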