119

I created rules for iptables. But when I restart the computer, the rules don't work! How do I save the rules on Ubuntu?


The problem was solved!

After writing the iptables commands, do:

 1. sudo su
 2. iptables-save > /etc/iptables.rules
 3. In /etc/network/if-pre-up.d/iptables, put:

        #!/bin/sh
        iptables-restore < /etc/iptables.rules
        exit 0

 4. Afterwards, in /etc/network/if-post-down.d/iptables, put:

        #!/bin/sh
        iptables-save -c > /etc/iptables.rules
        if [ -f /etc/iptables.rules ]; then
            iptables-restore < /etc/iptables.rules
        fi
        exit 0

 5. Afterwards, give permission to the scripts:

        sudo chmod +x /etc/network/if-post-down.d/iptables
        sudo chmod +x /etc/network/if-pre-up.d/iptables

More information: https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables Good luck!

Jorge Castro
  • 71,754
Gustavo
  • 1,199
  • https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables – 23 93 26 35 19 57 3 89 Apr 06 '12 at 06:26
  • I've done everything! And it doesn't work!! – Gustavo Apr 06 '12 at 06:27
  • 1
    It would be helpful if you updated the ticket with specifics on what you have tried and on what results you have encountered. It would also be good to know whether it is a desktop install or a server install, and whether it uses NetworkManager or not. – andol Apr 06 '12 at 06:30
  • 4
    Since you found a solution, you should accept the answer that led you to that result or you should put your answer content in the "answer" box and then accept your own answer. This allows this question to be marked as "answered" in the system, which will help other users if they have a similar problem. Have a good day! – weberc2 Apr 06 '12 at 20:24
  • Message during installation of iptables-persistent is as follows: Current iptables rules can be saved to the configuration file /etc/iptables/rules.v4. These rules will then be loaded automatically during system startup. Rules are only saved automatically during package installation. See the manual page of iptables-save(8) for instructions on keeping the rules file up-to-date. – Craig Hicks Mar 11 '18 at 12:28
  • That message was a strong hint that saving rules wasn't going to be easy. – Craig Hicks Mar 11 '18 at 12:29
  • The assumption made by the netfilter-persistent/iptables-persistent design is that saving once during installation of the iptables-persistent package is enough - that same saved rule file can be used on every boot thereafter. Of course, if the rules are dynamically changing then that assumption is not valid. – Craig Hicks Mar 11 '18 at 12:33
  • It's quite possible that at least some of the answers claiming that saving rules action was working just didn't notice that the rules saved at package installation weren't being refreshed at each shutdown. As long as they are loaded at boot, there is no problem. – Craig Hicks Mar 11 '18 at 12:36

2 Answers

185

The easy way is to use iptables-persistent.

Install iptables-persistent:

sudo apt-get install iptables-persistent

After it's installed, you can save/reload iptables rules anytime:

sudo /etc/init.d/iptables-persistent save 
sudo /etc/init.d/iptables-persistent reload

Ubuntu 16.04 Server

The installation as described above works without a problem, but the two commands for saving and reloading above do not seem to work with a 16.04 server. The following commands work with that version:

sudo netfilter-persistent save
sudo netfilter-persistent reload
d a i s y
  • 5,511
user213088
  • 1,851
  • 4
    Thank you, I was wondering why it wasn't working with Ubuntu 16.04 – bluesman Dec 12 '16 at 21:59
  • 3
    netfilter-persistent is run as a service offering hooks at shutdown time and at boot time. After installing iptables-persistent as a plugin for netfilter-persistent, the iptables-persistent plugin should be called by the netfilter-persistent service to do the saving and loading. But some configurations seem to intentionally skip writing. The reason for that and how to control it are opaque. – Craig Hicks Mar 11 '18 at 12:22
  • Message during installation of iptables-persistent is as follows: Current iptables rules can be saved to the configuration file /etc/iptables/rules.v4. These rules will then be loaded automatically during system startup. Rules are only saved automatically during package installation. See the manual page of iptables-save(8) for instructions on keeping the rules file up-to-date. – Craig Hicks Mar 11 '18 at 12:24
  • 2
    Therefore, I can't see this answer as an actual answer. – Craig Hicks Mar 11 '18 at 12:26
55

The generic method of saving iptables rules is to use the command iptables-save, which writes to stdout.

iptables-save > /etc/network/iptables.rules

The output created by iptables-save can then be read on stdin by iptables-restore. If on a server, without NetworkManager, a common approach is then to use a pre-up command in /etc/network/interfaces.

iface eth0 inet static
        ....
        pre-up iptables-restore < /etc/network/iptables.rules

If you are using NetworkManager it should be possible to run the same command from a script created under /etc/NetworkManager/dispatcher.d/. In the Community Documentation - iptables howto, see Configuration on Startup for NetworkManager for more information.

Do note that the commands iptables, iptables-save and iptables-restore are IPv4 only. For IPv6 traffic the equivalent commands are ip6tables, ip6tables-save and ip6tables-restore.

andol
  • 6,733
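
An added example, not part of the answers above: both the question's hook scripts and the generic `iptables-save > file` method redirect straight onto the live rules file, so a failed dump leaves an empty or partial file for the next boot to restore. The sketch below dumps to a temp file, checks that it is complete, and only then renames it into place; the function names `rules_file_ok` and `save_rules` are assumptions of this example.

```shell
#!/bin/sh
# Added example: save firewall rules without ever leaving a truncated file.
# Function names are hypothetical; they are not part of any package.

# rules_file_ok FILE
# Succeeds only if FILE looks like complete iptables-save output:
# at least one "*table" section, and every section closed by COMMIT.
rules_file_ok() {
    [ -s "$1" ] || return 1                 # empty or missing file
    awk '
        /^\*/      { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/ { if (!open) bad = 1; open = 0 }
        END        { if (bad || open || tables == 0) exit 1 }
    ' "$1"
}

# save_rules DEST [SAVE_CMD]
# Dumps the ruleset with SAVE_CMD (default: iptables-save; pass
# ip6tables-save for the IPv6 ruleset) into a temp file next to DEST,
# validates it, and only then renames it over DEST. A failed or partial
# dump leaves the previous DEST untouched.
save_rules() {
    dest=$1
    save_cmd=${2:-iptables-save}
    # mktemp creates the file with mode 0600, so the rules stay owner-only.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if "$save_cmd" > "$tmp" && rules_file_ok "$tmp"; then
        mv -f "$tmp" "$dest"                # atomic on the same filesystem
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical calls from a hook script running as root:
#   save_rules /etc/iptables.rules
#   save_rules /etc/ip6tables.rules ip6tables-save
```

On the real host, `iptables-restore --test < /etc/iptables.rules` can additionally parse the saved file without committing it.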