
Ubuntu, like other Linux distributions, uses iptables as the default firewall to manage network traffic. However, iptables rules are not persistent and are lost upon reboot. In this article, we will explore how to make iptables rules permanent on Ubuntu.
To save iptables rules forever on Ubuntu, you can use the iptables-persistent package, which automatically saves and reloads your rules on boot. Alternatively, you can manually save the rules using the iptables-save command and restore them on boot using the /etc/rc.local file or network interface scripts.
What are iptables?
iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets.
Why Save iptables Rules?
Every time the system is rebooted, the iptables configuration resets to its default settings. To avoid reconfiguring the firewall after every reboot, it’s crucial to save the iptables rules.
Method 1: Using iptables-persistent Package
The iptables-persistent package is a tool to persist iptables rules across reboots. It automatically saves your current iptables configuration during installation and reloads it on boot.
Installing iptables-persistent
You can install the iptables-persistent package using the following command:
sudo apt-get install iptables-persistent
During the installation process, you will be asked if you want to save your current IPv4 and IPv6 rules. Choose ‘Yes’ to save your current configuration.
Manually Saving Rules
If you want to manually save your rules, you can use the following commands:
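# The redirection has to be performed by root, so run the whole command line in a root shell
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'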
The iptables-save command dumps the current iptables rules to stdout. By redirecting the output (>) to a file, we save these rules for future use. The rules.v4 and rules.v6 files are automatically read by iptables-persistent during system startup.
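Because the saved file is loaded unattended at boot, a truncated or invalid dump leaves the host without its rules. The following is an added example, not part of the original article: a save routine that only replaces the rules file after the dump validates. The function name save_rules and the IPT_SAVE / IPT_RESTORE variables are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: save the running ruleset without ever leaving a partial or
# invalid file where the boot-time loader will read it.
# IPT_SAVE / IPT_RESTORE are hypothetical knobs; for IPv6 set them to
# ip6tables-save and ip6tables-restore before calling save_rules.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# save_rules DEST: returns 0 and replaces DEST only if the dump validates.
# On any failure the previous DEST is left untouched.
save_rules() {
    dest=$1
    dir=$(dirname "$dest")
    # mktemp creates the file with mode 0600, in the same directory as DEST
    # so that the final rename stays on one filesystem.
    tmp=$(mktemp "$dir/.rules.XXXXXX") || return 1

    # 1. Dump the live rules into the temporary file.
    if ! "$IPT_SAVE" > "$tmp"; then
        echo "save_rules: $IPT_SAVE failed" >&2
        rm -f "$tmp"; return 1
    fi
    # 2. An empty dump, or one without a COMMIT line, is truncated.
    if ! grep -q '^COMMIT$' "$tmp"; then
        echo "save_rules: dump has no COMMIT line" >&2
        rm -f "$tmp"; return 1
    fi
    # 3. --test parses and constructs the ruleset without committing it.
    if ! "$IPT_RESTORE" --test < "$tmp"; then
        echo "save_rules: dump failed validation" >&2
        rm -f "$tmp"; return 1
    fi
    # 4. A rename within one directory is atomic: readers see old or new.
    mv -f "$tmp" "$dest"
}

# Usage, as root:  save_rules /etc/iptables/rules.v4
```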
Method 2: Using /etc/rc.local File
Another approach is to use the /etc/rc.local file to restore the iptables rules on boot.
Saving Rules
First, create a file with the contents of iptables-save using the following command:
sudo sh -c 'iptables-save > /etc/iptables_rules'
Restoring Rules on Boot
Then, open the /etc/rc.local file and add the following line before the exit 0 line:
/sbin/iptables-restore < /etc/iptables_rules
The iptables-restore command is used to restore IP Tables from data specified on stdin. By using <, we are feeding the file contents as input to the iptables-restore command.
Method 3: Using Network Interface Scripts
You can also use network interface scripts to restore the iptables rules. This method is more secure as it executes earlier in the system startup process.
Saving Rules
Save the current iptables rules to a file:
sudo sh -c 'iptables-save > /etc/iptables_rules'
Creating a Script to Restore Rules
Next, create a short script in /etc/network/if-up.d/firewall. It needs a #!/bin/sh first line so that it can be executed directly:
printf '#!/bin/sh\n/sbin/iptables-restore < /etc/iptables_rules\n' | sudo tee /etc/network/if-up.d/firewall
Then, make the script executable:
sudo chmod +x /etc/network/if-up.d/firewall
This script will be executed every time you enable your network interfaces, ensuring that the rules are loaded correctly.
Conclusion
In this article, we have discussed several methods to save iptables rules permanently on Ubuntu. Whether you choose to use the iptables-persistent package, the /etc/rc.local file, or network interface scripts depends on your specific needs and system configuration. By saving your iptables rules, you can ensure that your firewall settings are maintained across system reboots.
Iptables rules are not persistent on Ubuntu because they are stored in memory and are not automatically saved upon reboot. This means that the firewall configuration resets to its default settings after every reboot.
There are multiple methods to make iptables rules persistent on Ubuntu. You can use the iptables-persistent package, modify the /etc/rc.local file, or utilize network interface scripts to save and restore the rules on boot.
The iptables-persistent package is a tool that allows you to persist iptables rules across reboots. It automatically saves your current iptables configuration during installation and reloads it on boot.
You can install the iptables-persistent package by running the following command: sudo apt-get install iptables-persistent. During the installation process, you will be prompted to save your current IPv4 and IPv6 rules. Choose ‘Yes’ to save your current configuration.
To manually save your iptables rules, you can use the following commands:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
These commands will dump the current iptables rules to the specified files, which will be automatically read by iptables-persistent during system startup.
To restore iptables rules on boot using the /etc/rc.local file, you need to save the rules to a file using iptables-save and then add the following line before the exit 0 line in the /etc/rc.local file:
/sbin/iptables-restore < /etc/iptables_rules
This line will restore the iptables rules from the specified file during system startup.
To use network interface scripts to restore iptables rules, you need to save the rules to a file using iptables-save and then create a short script, starting with a #!/bin/sh line, in /etc/network/if-up.d/firewall with the following command:
printf '#!/bin/sh\n/sbin/iptables-restore < /etc/iptables_rules\n' | sudo tee /etc/network/if-up.d/firewall
Make sure to make the script executable by running sudo chmod +x /etc/network/if-up.d/firewall. This script will be executed every time you enable your network interfaces, ensuring that the rules are loaded correctly.