How to keep iptables rules after Ubuntu reboot?
After rebooting Ubuntu 12.10, the iptables rules "fly off". I know it is possible to get around this by writing the rules into rc.local. As an alternative, I was advised to use ferm. What does an experienced Khabrovchanin think about this topic? Which option is preferable, and where can the "pitfalls" be?
Here is a solution that works for Debian 6.0 and Debian 7.0 for now; it should work on Ubuntu as well.
As superuser:
nano -w /etc/network/if-up.d/00-iptables
#!/bin/sh
iptables-restore < /etc/firewall.conf
ip6tables-restore < /etc/firewall6.conf
chmod +x /etc/network/if-up.d/00-iptables
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
Debian and Ubuntu have added the iptables-persistent package, which uses iptables-save/iptables-restore.
# service iptables-persistent
Usage: /etc/init.d/iptables-persistent {start|restart|reload|force-reload|save|flush}
After configuring the rules as needed, run service iptables-persistent save and they will be applied on the next boot.
If you do not use a network manager to bring up the network, you can add to the end of /etc/network/interfaces:
post-up iptables-restore < /etc/iptables.rules
after applying the rules and saving them to that same iptables.rules file with the command:
$ iptables-save > /etc/iptables.rules
IMHO it is much better to have a bash/sh file that creates the rules at startup than to use iptables-save and iptables-restore.
After all, in a bash file you can replace the same addresses/ports/interfaces/protocols/ranges that recur in different lines with variables, you can set up some kind of loop if you wish, or enable routing in /proc/sys/net/ipv4/ip_forward (it is more logical to combine that with the rules, because without it they may not make sense).
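A worked version of the script approach this answer argues for, added here as an example and not taken from the thread: variables reused across rules, loops over port and network lists, and the ip_forward switch in the same file. The interface name, ports and admin networks are assumed placeholder values (RFC 5737 documentation ranges), and DRY_RUN=1 prints the commands instead of running them so the ruleset can be reviewed without root before it goes into rc.local or init.d.

```shell
#!/bin/sh
# Added example, not the thread's code. Values below are hypothetical placeholders.
IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-0}          # 1 = print the commands instead of executing them

WAN=eth0
PUBLIC_TCP="80 443"            # services reachable from anywhere
ADMIN_NETS="192.0.2.0/24 198.51.100.0/24"   # SSH allowed only from these networks

# Run iptables, or echo the call when DRY_RUN=1 (review/test without touching
# the live ruleset).
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else "$IPT" "$@"; fi
}

# Routing belongs with the rules: FORWARD rules are meaningless without it.
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then echo "sysctl net.ipv4.ip_forward=1"
    else echo 1 > /proc/sys/net/ipv4/ip_forward; fi
}

build_rules() {
    ipt -F; ipt -X
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The same variables reused across several rules: the point of the answer.
    for port in $PUBLIC_TCP; do
        ipt -A INPUT -i "$WAN" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    for net in $ADMIN_NETS; do
        ipt -A INPUT -i "$WAN" -s "$net" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    done
    enable_forwarding
}

# Helpers for checking the generated ruleset without root.
dry_run_output() { ( DRY_RUN=1; build_rules ); }
rule_count() { dry_run_output | grep -c '^iptables -A'; }

# Apply only when explicitly asked, so sourcing the file for review is harmless.
if [ "${1:-}" = apply ]; then build_rules; fi
```

Run it as `sh firewall.sh apply` from rc.local or an init script; `DRY_RUN=1 sh firewall.sh apply` shows exactly what would be executed.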
Just like in Debian; they are the same by default in this regard.
You get around it by creating a file with the rules and adding it to rc.local for execution, or better, by putting the file in init.d so it runs at startup.
Once on the command line:
iptables-save > /etc/network/iptables.save
In /etc/rc.local:
F="/etc/network/iptables.save"
test -f "$F" && /sbin/iptables-restore < "$F"
Alt and ASP use an entry in /etc/sysconfig/iptables; by default the rules are restored when the network service is brought up.
It is best to entrust the management of iptables rules to some firewall builder. It will restore everything.