Saving an iptables configuration permanently

ubuntu iptables

7,123

Solution 1

You need to add that command to a file that gets executed on startup, for example to /etc/rc.local. You can also remove the sudo prefix then because this file is executed as root anyway.

You could also install and use the package iptables-persistent:

martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent             
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <[email protected]>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
 This package provides a system startup script that restores iptables rules from a configuration file. 

 Since this is aimed at experienced administrators, there is no configuration wizard.

According to the documentation, it reads the rules from /etc/iptables/rules.

Solution 2

Using iptables-save and iptables-restore you can save the actual rules to a file like this:

iptables-save > /etc/iptables.rules

You can add in /etc/network/interfaces file this:

pre-up iptables-restore < /etc/iptables.rules

And this line in the same to save before shutdown your machine:

post-down iptables-save > /etc/iptables.rules

Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables

7,123

Sajad Rastegar

I started web development with Ruby on Rails in 2014. I first did a few side-projects which led to being hired as a full-time developer for a local technology and services development company in 2016. I’ve now been programming professionally in Ruby since then. My development focus has recently shifted to DApps. Over the past 2 years, I got more involved with blockchain and learned smart contract development. I would love to to leverage this technology in a new app idea.

Updated on September 18, 2022

Comments

Sajad Rastegar almost 2 years

How can I save this configuration permanently?

sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
Martin von Wittich over 10 years

I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), the iptables-save will permanently save to borked configuration and then you'll have to fix it manually.
drjors over 10 years

The iptables-persistent package is the easiest, least-technical method of getting it working, +1 to that answer.)
Alexis Wilke over 7 years

@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to call iptables-save. On my end, I prefer to edit the iptables.rules file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.