How can I make a specific set of iptables rules permanent?
Solution 1
The simplest method is to use iptables-save and iptables-restore to save the currently-defined iptables rules to a file and (re)load them (e.g., upon reboot).
So, for instance, you would run
sudo iptables-save | sudo tee /etc/iptables.conf
to save your current iptables rules to /etc/iptables.conf and then insert these lines in /etc/rc.local:
# Load iptables rules from this file
iptables-restore < /etc/iptables.conf
Solution 2
A Quick Update to this as you might be using 12.04 now and things are better.
The iptables-persistent package now solves this issue. To install,
sudo apt-get install iptables-persistent
The rules defined when the package is installed are saved and used on each subsequent boots. New rules loaded are discarded at reboot.
The config file if you do need to change them (once iptables-persistent is installed) is /etc/iptables/rules.v4 or /etc/iptables/rules.v6 for ipv4 and ipv6 iptables respectively.
Solution 3
Better than /etc/rc.local is to add a line in /etc/network/interfaces after saving the iptable's rules, like this
post-up iptables-restore < /etc/iptables.up.rules
or it's the same to put the file inside /etc/network/if-down.d/ or /etc/network/if-post-down.d/ or /etc/network/if-pre-up.d/ or /etc/network/if-up.d/.
J. Bruni
Updated on September 18, 2022Comments
-
J. Bruni over 1 year
Is there a "best practice" or standard to make a few iptables rules permanent? I mean: automatically applied upon a system reboot?
I am using a VPS with Ubuntu Server 10.04 LTS (Lucid Lynx).
Thank you.
BIG EDIT: I don't want ANY rule to be persisted (like
iptables-persistentpackage does). I want only my own specific set to be reloaded... if other rules are eventually added by running iptables, these should be discarded... -
J. Bruni over 12 years+1 Your answer is perfect to my original question. It also made me realize what I really want, so I had to change the question from "How can I make iptables rules permanent?" to "How can I make a specific set of iptables rules permanent?"
-
J. Bruni over 12 yearsIf you can, please, do a little edit to your answer to reflect the change in the question... I'll be happy to accept it! I need to use
iptables-saveonce, and reload always (iptables-restore at /etc/rc.local sounds good). -
David Tuite over 10 yearsIf you're getting
permission deniedwhen you try to use>then this Stack Overflow answer will be useful. -
Rajat Gupta about 10 yearsUse
sudo sh -c "iptables-save > /etc/iptables.conf"instead ofsudo iptables-save > /etc/iptables.conf -
Rajat Gupta about 10 years@Kreker: please do clarify, how your approach is better than executing a restoring script from
rc.local? does the other approach not work in some cases ? -
K. Darien Freeheart about 10 yearsAdding it to the network configuration causes it to be re-loaded after you run the "service networking restart" command. It's not limited to system starts. -
alphadogg almost 10 yearsWhy would one post-up iptables-restore when an interface is going down?
-
Bruno Bronosky over 6 yearsIf you make an edit to
/etc/iptables/rules.v4, how do you get it applied [officially]? Currently I'm doingsudo iptables-restore < /etc/iptables/rules.v4 -
pacoverflow over 3 years@BrunoBronosky Maybe you should make the change to iptables, then dosudo iptables-save > /etc/iptables/rules.v4to persist it.
