Saving Iptables Firewall Rules Permanently

kriticar · 27 August 2015 03:38

What is the proper way for saving iptables rules?
I know that I can use iptables-save/iptables-restore, but where to put iptables-restore?
Should I put it in /etc/rc.local or should I use iptables-persistent package?

What is the preferred way?

Toast · 27 August 2015 04:04

kriticar · 27 August 2015 09:14

I know how to do it, I am just asking for the proper way.

Toast · 27 August 2015 09:17

If you knew how to do it then why ask ? there is a working way and there is failure

since the distro uses iptables per default its not gonna break if you add the persistent package

kriticar · 27 August 2015 09:20

So, you are suggesting iptables save/restore in Rd . local?

sam_nazarko · 27 August 2015 09:54

Ideally you want want restore as a ifup.d rule but ConnMan does not support this at this time

Sam

HarryL · 27 August 2015 10:38

run as root

sudo -s

Save current firewall rules to file

iptables-save > /etc/firewall.conf

INCLUDE ON BOOT

echo ‘#!/bin/sh’ > /etc/network/if-up.d/iptables
echo “iptables-restore < /etc/firewall.conf” >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables

SAVE ON SHUTDOWN/REBOOT

echo ‘#!/bin/sh’ > /etc/network/if-down.d/iptables
echo “iptables-save > /etc/firewall.conf” >> /etc/network/if-down.d/iptables
chmod +x /etc/network/if-down.d/iptables

is working for me

if you what to save your iptables rules after an change to iptables just run below… but it will run the same command on reboot or shutdown.

iptables-save > /etc/firewall.conf

edtjlun · 27 August 2015 12:38

install iptables-persistent, that will take care of all loading at boot time.

If your want to save manually you do a “netfilter-persistent save”. Why debian changed it to netfilter is beyond me.

You will get 2 files in /etc/iptables. rules.v4 and rules.v6. They are plain textfiles and are iptables commands which you can modify and load with “netfilter-persistent reload”

kriticar · 28 August 2015 14:59

I will try it. Thanks.

seco · 10 September 2018 13:16

If you are using CentOS 6 or Red Hat, you can save it like this:
$ iptables-save > /etc/sysconfig/iptables
Or if you are using CentOS 7, you can save it like this:
$ service iptables save
But if you are using Debian based distro, you can use iptables-persistent to save rules.
$ netfilter-persistent save
All these commands for iptables from here https://likegeeks.com/linux-iptables-firewall-examples/
Thank you.