Saving an iptables configuration permanently
Solution 1
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local. You can also remove the sudo prefix then because this file is executed as root anyway.
You could also install and use the package iptables-persistent:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <[email protected]>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules.
Solution 2
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add this to the /etc/network/interfaces file:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same file to save the rules before shutting down your machine:
post-down iptables-save > /etc/iptables.rules
Anyway, you can find all the info in the Community Ubuntu Documentations - How to Iptables.
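The post-down hook above writes out whatever is loaded at shutdown, so a ruleset that was flushed at runtime replaces the good file. The following is an added example, not part of the original answer: a shell wrapper that installs a new save only if it is structurally complete and still contains the rules you name. `check_rules` and `save_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from any package).
# Usage, as root:
#   iptables-save | save_rules /etc/iptables.rules \
#       '-A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE'

# check_rules FILE [RULE...]
# Returns 0 if FILE looks like complete iptables-save output and contains
# every RULE as an exact line; prints the reason and returns 1 otherwise.
check_rules() {
    file=$1; shift
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }

    # Every "*table" section must be closed by its own COMMIT line.
    awk '/^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
         /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
         END        { exit (bad || in_table || tables == 0) }' "$file" \
        || { echo "incomplete ruleset: $file" >&2; return 1; }

    # A flushed table is still well-formed, so also require the rules
    # that must survive (-e because they start with "-A").
    for rule in "$@"; do
        grep -qxF -e "$rule" "$file" \
            || { echo "missing rule: $rule" >&2; return 1; }
    done
}

# save_rules DEST [RULE...]
# Reads a ruleset on stdin and moves it over DEST only if it passes
# check_rules; on failure DEST is left untouched.
save_rules() {
    dest=$1; shift
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    cat > "$tmp"
    if check_rules "$tmp" "$@"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}
```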
Updated on September 18, 2022
Comments
-
Sajad Rastegar almost 2 years
How can I save this configuration permanently?
sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
-
Martin von Wittich over 10 years
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), the iptables-save will permanently save the borked configuration and then you'll have to fix it manually.
-
drjors over 10 years
The iptables-persistent package is the easiest, least-technical method of getting it working, +1 to that answer.
-
Alexis Wilke over 7 years
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to call iptables-save. On my end, I prefer to edit the iptables.rules file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.