How do I get ipTables rules to stick?

Toggle sidebar Toggle sidebar
T

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
So I can add rules to ipTables via command line, but they don't stick upon reboot or restarting ipTables.

How do you guys make your rules stick? Do you just write a bash script that runs when the server boots up?
 
Jodell88

Jodell88

Diamond Member
Jan 29, 2007
8,762
30
91
This should be default behaviour.
Code: 
iptables-save > /etc/iptables/iptables.rules
 
M

mv2devnull

Golden Member
Apr 13, 2010
1,526
160
106
Depends on distro.

Redhat-style is/was that initscripts load rules atomically to kernel's netfilter from /etc/sysconfig/iptables (and similar IPv6 file) during boot. As shown by Jodell88, a command (iptables-save) reads current netfilter rules from kernel to stdout (and initscripts include an incantation: "service iptables save"). Recent Fedora have some daemonic replacement for the iptables tool.
 
Red Squirrel

Red Squirrel

No Lifer
May 24, 2003
70,215
13,606
126
www.anyf.ca
I usually make a script called applyfirewallrules.sh and put it in /data/scripts/ (folders I make). I keep it all consistent on each machine so it's easy to know where stuff is no matter what distro.

I then just put the actual iptable commands in that script. Make sure it does a flush first though.

Did not know about the iptables-save command though, that might actually be a better route. Just be sure /etc is part of your backup job.
 
K

KenJackson

Junior Member
Jun 16, 2013
14
0
0
mv2devnull said:
Redhat-style is/was that initscripts ... "service iptables save").
Recent Fedora have some daemonic replacement for the iptables tool.
Click to expand...

I haven't changed my rules since systemctl rudely barged onto the scene, so the last time I save mine I used "service iptables save".

I just went looking for the systemctl equivalent. The equivalents for start and stop are implemented, but not save.

But I found the old init.d script here: /usr/libexec/iptables/iptables.init.

I wonder why the didn't add something like this line:
ExecSave=/usr/libexec/iptables/iptables.init save
to this file:
/usr/lib/systemd/system/iptables.service

If that was done, I think this would work: systemctl save iptables.service
 
Jodell88

Jodell88

Diamond Member
Jan 29, 2007
8,762
30
91
KenJackson said:
I haven't changed my rules since systemctl rudely barged onto the scene, so the last time I save mine I used "service iptables save".

I just went looking for the systemctl equivalent. The equivalents for start and stop are implemented, but not save.

But I found the old init.d script here: /usr/libexec/iptables/iptables.init.

I wonder why the didn't add something like this line:
ExecSave=/usr/libexec/iptables/iptables.init save
to this file:
/usr/lib/systemd/system/iptables.service

If that was done, I think this would work: systemctl save iptables.service
Click to expand...
I think you should look up SystemD on what it does and how it behaves.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom