Iptables not persisting after reboot on CentOS 6.2


Solution 1

If the changes are not visible with iptables -L after a restart, it suggests that either:

  • The rules aren't being saved

    • You suggest that they are, but at the same time say 'completed timestamps' - plural. This might imply that you have more than one copy of the rules in the same file, and only the first set is being applied.
      • Redirect the output from iptables-save to the above file (don't append):
        iptables-save > /etc/sysconfig/iptables
      • Alternatively, just move the existing file elsewhere, and then save.

  • The rules are being saved to the wrong file

    • Your configuration may be set up to load a different file than the one you are saving to - ensure that the file being loaded matches the file you save to.
      • The file is normally /etc/sysconfig/iptables
      • If you look in /etc/init.d/iptables, you should find the following lines which determine which file will be loaded:
        IPTABLES=iptables
        IPTABLES_DATA=/etc/sysconfig/$IPTABLES
  • There is an error with the rules

    • This is usually not an issue - iptables typically just ignores erroneous rules; and you are not writing them by hand (you are saving a presumably working ruleset).

  • iptables is not started on boot

    • run
      chkconfig --list iptables
      to check in which runlevels iptables is loaded. If it is not enabled in the right runlevel, add it with
      chkconfig --level 2345 iptables on

You should be able to test your setup by just restarting iptables (as opposed to restarting the machine):

service iptables restart


Standard iptables disclaimer: just in case something goes wrong...

  • back up your existing ruleset:
    cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
  • set up a cron job that will flush your iptables after a few minutes (of course, remove this once everything is working).
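
As an added example (not part of any of the answers above), the following POSIX shell script performs two of the checks this answer describes without touching a live firewall: it counts how many appended rulesets a saved rules file holds and shows which copy contains a given rule, and it parses a `chkconfig --list iptables` line to see whether the service is on for a runlevel. The function names, the temporary file path, the sample rules file and the chkconfig line are all constructed for this example (they mimic CentOS 6 output, but were not captured from a real host), so it runs offline and needs neither root nor iptables installed.

```shell
#!/bin/sh
# Added example: offline checks for a rules file holding more than one
# appended ruleset, and for the service not being enabled in a runlevel.
# Function names and the temporary file are assumptions of this example;
# the sample data is constructed, not captured from a real host.

SAMPLE_FILE="${TMPDIR:-/tmp}/iptables.sample.$$"
trap 'rm -f "$SAMPLE_FILE"' EXIT

# Constructed /etc/sysconfig/iptables as it looks after `iptables-save >>`
# was run twice: two "Generated by"/"Completed on" pairs, with the REJECT
# rules present only in the second copy.
cat > "$SAMPLE_FILE" <<'EOF'
# Generated by iptables-save v1.4.7 on Mon Jan  1 10:00:00 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jan  1 10:00:00 2024
# Generated by iptables-save v1.4.7 on Mon Jan  1 10:05:00 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 3306 -j REJECT
-A INPUT -p tcp --dport 25 -j REJECT
COMMIT
# Completed on Mon Jan  1 10:05:00 2024
EOF

# How many complete saved rulesets the file contains (1 is the healthy value).
count_rulesets() {
    grep -c '^# Completed on' "$1"
}

# Print the N-th ruleset (1-based) so the copies can be compared with diff.
extract_ruleset() {
    awk -v want="$2" '/^# Generated by iptables-save/ { n++ } n == want { print }' "$1"
}

# Succeed (exit 0) when the N-th ruleset contains a rule matching PATTERN.
# iptables-save writes --destination-port as --dport, so match on that form.
rule_in_ruleset() {
    extract_ruleset "$1" "$2" | grep -q -- "$3"
}

# Parse one line of `chkconfig --list iptables` output and succeed when the
# service is switched on for runlevel $2.
runlevel_enabled() {
    printf '%s\n' "$1" | tr '\t' '\n' | grep -q "^$2:on\$"
}

# Constructed chkconfig line: enabled for runlevels 2-4 but not 5.
CHKCONFIG_LINE=$(printf 'iptables\t0:off\t1:off\t2:on\t3:on\t4:on\t5:off\t6:off')

# Stand-alone run: report what an admin would want to know.
n=$(count_rulesets "$SAMPLE_FILE")
echo "saved rulesets in file: $n"
if [ "$n" -gt 1 ]; then
    echo "more than one ruleset: save with '>' not '>>' (or move the file aside first)"
    i=1
    while [ "$i" -le "$n" ]; do
        if rule_in_ruleset "$SAMPLE_FILE" "$i" 'dport 3306'; then
            echo "ruleset $i: REJECT for 3306 present"
        else
            echo "ruleset $i: REJECT for 3306 missing"
        fi
        i=$((i + 1))
    done
fi
for lvl in 2 3 4 5; do
    if runlevel_enabled "$CHKCONFIG_LINE" "$lvl"; then
        echo "runlevel $lvl: on"
    else
        echo "runlevel $lvl: off (chkconfig --level $lvl iptables on)"
    fi
done
```

On a real CentOS 6 host you would point `count_rulesets` at /etc/sysconfig/iptables and feed `runlevel_enabled` the actual `chkconfig --list iptables` output; the script only detects the duplicate, the fix is the overwrite (`iptables-save > /etc/sysconfig/iptables`) that this answer already gives.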

Solution 2

Are you SURE that iptables-save "ran successfully"? All it does is spit out the current ruleset save file to text. You have to point it to /etc/sysconfig/iptables for that to work.

iptables-save > /etc/sysconfig/iptables

Generally speaking, if you see any output from iptables-save, it just spit the output to your display and that won't do you any good.

Solution 3

I think the best solution is: first enter the following command to install iptables-services

yum install iptables-services

then enter the following command to save iptables rules

service iptables save
Author: Aaron

Updated on September 18, 2022

Comments

  • Aaron, over 1 year

    I've tried adding a few rules to my iptables but they don't seem to be saving. In order to save them, I've tried running iptables-save and service iptables save. Each time I have run either of those commands, it says that it has saved successfully. Here are the rules I am trying to insert:

    iptables -A INPUT -j REJECT -p tcp --destination-port 3306
    iptables -A INPUT -j REJECT -p tcp --destination-port 25
    

    These rules work and will stay in place after I input them, but when I go to reboot the system they are gone from the list when running iptables -L and the ports are open again (checked using nmap).

    When looking at my /etc/sysconfig/iptables file, the rules are there (at the bottom) and all of the "completed" timestamps are from when I saved the rules which seems correct. Also, in my /etc/sysconfig/iptables-config file all of the settings are default and do not seem to change anything as far as loading iptable rules from a different location or something.

  • BE77Y, over 8 years
    This answer doesn't add any info to the already existing answers (and provides less detail)
  • Love, about 7 years
    Thank you very much. It works for me. My iptables config didn't save to file, so I use iptables-save > /etc/sysconfig/iptables