26

I have a problem with iptables on Ubuntu 18.04. Before that I used CentOS 7 and Red Hat, where I could simply restart it with

systemctl restart iptables

but on Ubuntu it does not work. I could not find iptables under init.d either.

Can anybody help me work out how I can restart or reload it on Ubuntu 18.04?

ThankYee
  • 1,708
CsharpJoe
  • 361
  • So ubuntu 1804 deleted iptables-save from the default installation? I spent several days studying how to use iptables-save, then it disappeared from the default installation, WTF? So which linux kernel syscall should I use to get the same effect as iptables-save in case ubuntu 2004 deletes ufw from the default installation? – bronze man Apr 22 '19 at 06:41

5 Answers

41

EDIT: Newer versions of RHEL use firewalld by default, which is also available in Ubuntu.

If you would like your Ubuntu firewall to function in a similar way to RedHat/Fedora, in Ubuntu 18.04, 20.04 and 22.04, you probably want these:

sudo apt install iptables-persistent netfilter-persistent

Then edit the rules in /etc/iptables/rules.v[46]

Other commands that might be useful:

netfilter-persistent save
netfilter-persistent start

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

systemctl stop netfilter-persistent
systemctl start netfilter-persistent
systemctl restart netfilter-persistent

If you ever find that your rules aren't correctly applied at boot, you can run these commands to test that there are no errors in your config files:

iptables-restore  < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6

The two packages are similar, but provide slightly different functionality. If you only install iptables-persistent, you won't get the service definition file for correct handling in systemd, e.g. /lib/systemd/system/netfilter-persistent.service

If you only install netfilter-persistent, you will find that rules are not correctly applied at boot, as per the README

netfilter-persistent and its plugins
------------------------------------

netfilter-persistent does no work on its own. You need the accompanying plugins (for example, iptables-persistent) to load and save filter rules.

However, commands are run from netfilter-persistent. For example, to save all filter rules:

netfilter-persistent save

or to load them:

netfilter-persistent start

For more details, see man netfilter-persistent.

The system service will try to load rules at startup if enabled, but by default it will not flush rules at shutdown. This behaviour can be changed by editing /etc/default/netfilter-persistent.

ThankYee
  • 1,708
  • afaict, netfilter-persistent save will also update /etc/iptables/rules.v4/6, which if correct, I think noting iptables-save > /etc/iptables/rules.v4/6 as well is unnecessary. – gilad905 Oct 10 '19 at 10:51
  • That is true, but the additional commands were included for completeness. Personally, I never use the netfilter-persistent save command because it includes comments and doesn't zero the counters. – ThankYee Oct 11 '19 at 11:32
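
A pre-flight check for the rules files named in the answer above, as an added example that is not part of the original answer: `lint_rules` catches a table section with no closing `COMMIT` (such a table is not applied) without needing root, and `verify_rules` then runs `iptables-restore --test`, which parses the file without committing it, whereas the plain `iptables-restore < file` form replaces the running ruleset. The function names and the optional second argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not from any package.

# lint_rules FILE
# Structural check of an iptables-save format file. Needs no root and never
# touches the running firewall. Prints each problem; returns 1 if any found.
lint_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^\*/ {                                  # "*filter" opens a table
            if (table != "") {
                printf "line %d: *%s opened before COMMIT of *%s\n", NR, substr($0, 2), table
                bad = 1
            }
            table = substr($0, 2)
            next
        }
        /^COMMIT[ \t]*$/ {                       # closes the current table
            if (table == "") { printf "line %d: COMMIT outside a table\n", NR; bad = 1 }
            table = ""
            next
        }
        table == "" {                            # chain or rule line with no table
            printf "line %d: not inside a *table section\n", NR
            bad = 1
        }
        END {
            if (table != "") { printf "end of file: *%s has no COMMIT\n", table; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# verify_rules FILE [RESTORE_CMD]
# Lint first, then let the real parser check rule syntax. --test parses and
# builds the ruleset but does not commit it. Needs root for the real command.
# RESTORE_CMD defaults to iptables-restore; pass ip6tables-restore for rules.v6.
verify_rules() {
    lint_rules "$1" || return 1
    "${2:-iptables-restore}" --test < "$1"
}

# Typical use before restarting the service (run as root):
#   verify_rules /etc/iptables/rules.v4 &&
#   verify_rules /etc/iptables/rules.v6 ip6tables-restore &&
#   systemctl restart netfilter-persistent
```
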
5

In newer distributions you normally have a frontend to configure and manage the firewall. The most popular these days are ufw and firewalld, and maybe shorewall. Those frontends also take care of adding the rules to iptables, and the iptables script can be skipped, or better to say should be skipped, as the frontends will not pick up changes you have made with the iptables command directly.

For Ubuntu 18.04, it seems firewalld has become the default where ufw is installed but inactive.

root@localhost:~# firewall-cmd --state 
running
root@localhost:~# ufw status
Status: inactive

So rather than creating your own iptables-conformant rules, you should use these frontends to create your firewall configuration.

I am not familiar with ufw, but I am sure you will find information here on askubuntu or somewhere else on the internet.
firewalld comes with a GUI (firewall-config) and a command line tool, firewall-cmd.
With firewalld you have the option to add rules without applying them right now (permanent) and apply them only after a firewall reload. Or you can add them to your runtime configuration, test them, and then add them to your permanent configuration.
To reload e.g. a newly added permanent configuration to your running rules you would have to enter the command as follows or do the corresponding clicks in the GUI.

firewall-cmd --reload

It might look a bit more complicated at first glance, since firewalld follows a zones and chains concept. But it nicely integrates with NetworkManager, ships a GUI...
A good starting point to get familiar with it is here.

Thomas
  • 6,223
2

You can check the contents of the package with:

dpkg -L iptables-persistent

And then you will find that the following command is correct:

/etc/init.d/netfilter-persistent restart
Ken Sharp
  • 991
  • 8
  • 31
bluszcz
  • 212
0

In Ubuntu 1804 to achieve persistence, use the command: iptables-save > /etc/iptables/rules.v4

or just add the iptables line by hand to the file: /etc/iptables/rules.v4

-2

Debian / Ubuntu does not have an init script for iptables (unlike any fedora / RHEL / Centos)

You either have to write a script or see iptables reset when the server reboots

Alternately use UFW https://help.ubuntu.com/community/UFW

Or firewalld

How can we replace iptables with firewalld in ubuntu 16.04?

Panther
  • 102,067