How to keep iptables rules after Ubuntu reboot? Maybe there is an answer

Didn't work with KVM, but logic tells me to find scripts that overwrite custom rules. If you can’t find it or you need to do it quickly, then you need to write your own script that will re-rewrite the rules.
You can implement it by writing a script in which all the rules are first thrown off and then the necessary ones are loaded. Insert this script into autoload after starting KVM.

Are you using nat to access the network for guests?
https://libvirt.org/firewall.html

The solution to the question is this:
Libvirtd hook to apply iptables rules
When installing KVM/qemu virtualization and using NAT, there is a problem with applying /etc/sysconfig/iptables rules. When the system boots, the iptables service starts at an early stage: /etc/rc3.d/S08iptables -> ../init.d/iptables
Then, at the end of the boot, libvirtd starts: /etc/rc3.d/S08iptables -> ../init. d/iptables which applies its default rules if NAT is used for guest OSes.
It might look like this:
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports:
1024-65UE535 MASQUERADE udp -- 192.168.122.0/24 - 192.168.122.0/24 !192.168.122.0/24
As a result, NAT rules do not work as they were applied in /etc/sysconfig/iptables.
The following is a solution for using hooks in libvirtd to restart the iptables service after libvirtd starts:
1. mkdir /etc/libvirt/hooks
2. vi /etc/libvirt/hooks/network
#!/bin/bash
# Libvirt hook, see: https:/ /www.libvirt.org/hooks.html
# for iptables reloading after host booted
if [ "$2" = "started" ]; then
/etc/init.d/iptables restart
fi;
exit0;
3. chmod 755 /etc/libvirt/hooks/network
That is, the iptables service is restarted after the libvirtd daemon is started, applying the iptables system rules.
Description of libvirt hooks:
www.libvirt.org/hooks.html
libvirt.org/formatnwfilter.html
wiki.libvirt.org/page/Networking#NAT_forwarding_.2...