By default, Iptables rules will not survive a server reboot! Find out how to save your firewall rules (along with some handy commands) on Debian/Ubuntu and CentOS/RedHat servers. Let's dive into some useful commands and see how to persist Iptables rules.
Basics
Two basic commands cover this: one outputs the current ruleset as text, and the other takes that text and applies it as the current ruleset.
sudo iptables-save
sudo iptables-restore
For example, to save iptables rules:
sudo iptables-save > ~/rules.v4
Later, we can restore those rules:
sudo iptables-restore < ~/rules.v4
Persisting Rules through Reboots (Debian/Ubuntu)
Use this with iptables-persistent (in Debian):
sudo apt-get install -y iptables-persistent
sudo service iptables-persistent start
# The redirect must be performed by root, so run it inside a root shell
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo service iptables-persistent restart
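A plain redirect into /etc/iptables/rules.v4 truncates the file before iptables-save runs, so a failed save leaves an empty or partial file to be loaded at the next boot. The script below is an added example, not part of the original article: it checks that a dump is complete and only then renames it into place. The function names check_dump and persist_rules and the 0600 file mode are choices made for this example.

```sh
#!/bin/sh
# Added example: validate an iptables-save dump before installing it.
# check_dump and persist_rules are names chosen for this example.

# check_dump FILE: succeed only if FILE holds at least one "*table" section
# and every section is closed by its own COMMIT line.
check_dump() {
    awk '
        /^#/ || /^[ \t]*$/ { next }                  # comments and blank lines
        /^\*/ { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT[ \t]*$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^-/ || /^\[/ { if (!in_table) bad = 1; next }  # chains, rules
        { bad = 1 }                                  # anything else is unexpected
        END { exit (bad || in_table || tables == 0) }
    ' "$1"
}

# persist_rules DEST: read a dump on stdin, validate it in a temp file next
# to DEST, and rename it into place only if it is complete.
persist_rules() {
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cat > "$tmp"
    if check_dump "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "incomplete ruleset, $dest not changed" >&2
        return 1
    fi
}

# As root on a real host: iptables-save | persist_rules /etc/iptables/rules.v4

# Demo on a constructed, deliberately truncated dump (no COMMIT line).
demo_dir=$(mktemp -d)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' |
    persist_rules "$demo_dir/rules.v4" || echo "rules file left untouched"
rm -rf "$demo_dir"
```

On a real host, iptables-restore --test < FILE additionally parses the rules without committing them.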
Persisting Rules through Reboots (CentOS/RedHat)
We won't need to install anything to do this on these distributions of Linux.
You can run the following:
sudo chkconfig iptables on
sudo service iptables save
sudo service iptables start
You'll find your IPv4 and IPv6 rule files at /etc/sysconfig/iptables and /etc/sysconfig/ip6tables respectively.
Resources
- CRON jobs at reboot, perhaps to run iptables-restore when a system boots up
- About IPv6 and Iptables