I add this rule:
sudo iptables -t nat -A OUTPUT -d a.b.c.d -p tcp \
--dport 1723 -j DNAT --to-destination a.b.c.d:10000
- When restart computer rules are deleted. Why?
- What I can do to make the rules persist?
Asked
Active
Viewed 1.7e+01k times
91
Jeff Schaller
- 67,283
- 35
- 116
- 255
Jhonathan
- 3,605
6 Answers
93
On Debian, install iptables-persistent:
sudo apt-get install iptables-persistent
The package will automatically load /etc/iptables/rules for you during boot.
Any time you modify your rules, run /sbin/iptables-save > /etc/iptables/rules to save them. You can also add that to the shutdown sequence if you like.
stackprotector
- 500
bahamat
- 39,666
- 4
- 75
- 104
73
There is no option in iptables which will make your rules permanent. But you can use iptables-save and iptables-restore to fulfill your task.
First add the iptable rule using the command you gave.
Then save iptables rules to some file like /etc/iptables.conf using following command:
$ iptables-save > /etc/iptables.conf
Add the following command in /etc/rc.local to reload the rules in every reboot.
$ iptables-restore < /etc/iptables.conf
pradeepchhetri
- 9,959
-
22On Debian there is the
iptables-persistentpackage which will do this. – bahamat Oct 20 '12 at 00:09 -
12It's rather bad idea to place it in
rc.localsince there would be an open window gap between services start and firewall policy apply. I do prefer usingpre-uphook for loopback interface in/etc/network/interfacesto overcome this. – poige Oct 20 '12 at 11:07 -
@poige: I agree 100%,
rc.localmight have the intended effect, but it's a kludge in this situation. – J. M. Becker Oct 20 '12 at 14:52 -
4@bahamat: Installing that package is the best solution, It deserves it's own answer. – J. M. Becker Oct 20 '12 at 14:54
-
1
-
1
4
After installing iptables-persistent above you can also save rules with the following shorter command on Ubuntu 16.04+:
sudo netfilter-persistent save
And they can also be restored back to how they were last time you saved them with:
sudo netfilter-persistent reload
Robin Wilson
- 141
2
Because you did not save the iptables rules.
You can do that by using sudo iptables-save
Sir Muffington
- 1,286
- 3
- 8
- 23
2
- Install
iptables-persistentpackage - Whenever you change the rules of iptables, you should save the backup into following file using following command:
iptables-save -f /etc/iptables/rules.v4 (for iptables)
iptables-save -f /etc/iptables/rules.v6 (for ip6tables)
Hayk
- 123
-3
First install the persist iptables (ubunut or debian)
apt install iptables-persistent
Run your statement:
iptables -A INPUT -s 0/0 -p tcp --dport 5433 -j ACCEPT
Then save the settings
iptables-save
Finally restart the machine to verify
reboot
FargolK
- 1,667
Henry Coarite
- 1
- 1
-
1
-
-
iptables-savedoes not save anything. Read the manual:man iptables-save. – stackprotector Mar 11 '22 at 15:39
/etc/iptables/rules.v4and/etc/iptables/rules.v6for IPv4 and IPv6 respectively. If you want a table to apply to both kinds of connections you have to save it to both rule files. – PetaspeedBeaver Jan 23 '14 at 15:51ip6tablesandip6tables-savecommand. So, it'siptables-save > /etc/iptables/rules.v4for IPv4 iptables rules andip6tables-save > /etc/iptables/rules.v6for IPv6 iptables rules. – miu Aug 30 '23 at 14:13