The iptables firewall on Linux systems is a powerful tool that lets administrators finely control network access, allowing or blocking specific traffic with high precision.
Experienced Linux administrators are likely familiar with the frustration of losing iptables rules after a system reboot. This happens because, by default, iptables rules are not saved across reboots. After configuring the iptables rules, there's an additional step you need to take to ensure that they persist and remain active after the system restarts.
Before proceeding, ensure that you have already configured some rules on your system.
The # symbol indicates that the command is run as root. Open a terminal with root privileges in advance — sudo -i in Debian-based systems or su in others.
To view the current rules, run:
# iptables -L
Depending on the Linux distribution you're using, follow the instructions below to save the iptables rules you've configured.
Saving Rules on Ubuntu/Debian
To make the iptables rules persistent after a reboot, install the iptables-persistent package using the apt package manager:
# apt install iptables-persistent
During installation, you will be prompted to save the current iptables rules. If you already have the desired rules, choose "Yes." If necessary, you can save the rules manually later.
If you want to save the rules after making manual changes, use the command:
# netfilter-persistent save
This command saves the current rules for both iptables and ip6tables in the following files:
/etc/iptables/rules.v4
/etc/iptables/rules.v6
To update persistent iptables rules with new settings, use the iptables-save command:
# iptables-save > /etc/iptables/rules.v4
Or for IPv6 rules:
# ip6tables-save > /etc/iptables/rules.v6
To remove persistent iptables rules, open the corresponding /etc/iptables/rules.v* file and delete the lines containing the unwanted rules.
Saving Rules on CentOS/RHEL
To make iptables rules persistent after a reboot, install the iptables-services package using the dnf package manager:
# dnf install iptables-services
During installation, you will be prompted to save the current iptables rules. If you already have the desired rules, choose "Yes." If necessary, you can save the rules manually later.
If you want to save the rules after making manual changes, use the command:
# service iptables save
This command saves the current rules for both iptables and ip6tables in the following files:
/etc/sysconfig/iptables
/etc/sysconfig/ip6tables
To ensure the rules load at reboot, make sure iptables is enabled to start automatically:
# systemctl enable iptables
# systemctl start iptables
To check if the service is running, use the following command:
# systemctl status iptables
To update persistent iptables rules with new settings, use the iptables-save command:
# iptables-save > /etc/sysconfig/iptables
Or for IPv6 rules:
# ip6tables-save > /etc/sysconfig/ip6tables
To remove persistent iptables rules, open the /etc/sysconfig/iptables file for IPv4 rules, or the /etc/sysconfig/ip6tables file for IPv6 rules, and delete the lines containing the unwanted rules.
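The iptables-save > file redirections in the Ubuntu/Debian and CentOS/RHEL sections truncate the persistent file before the dump runs, so a failed or partial dump leaves an empty or incomplete rules file for the next boot. The following is an added example, not part of the original article: shell functions that stage the dump, check that every table section is closed by COMMIT, and only then replace the file. The names check_dump, save_rules and demo are hypothetical, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample dumps are constructed.

# check_dump FILE: succeed only if FILE has at least one "*table" section
# and every section is closed by a COMMIT line, as iptables-save writes them.
check_dump() {
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { exit (bad || in_table || !tables) }
    ' "$1"
}

# save_rules TARGET CMD [ARGS...]: run CMD, stage its output next to TARGET,
# and replace TARGET only if the command succeeded and the dump is complete.
# Real use (as root): save_rules /etc/iptables/rules.v4 iptables-save
save_rules() {
    target=$1; shift
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if "$@" > "$tmp" && check_dump "$tmp"; then
        chmod 600 "$tmp"
        [ -f "$target" ] && cp -p "$target" "${target}.bak"
        mv -f "$tmp" "$target"        # rename within one directory is atomic
    else
        rm -f "$tmp"
        echo "save_rules: dump failed or incomplete; $target unchanged" >&2
        return 1
    fi
}

# demo: exercise save_rules on constructed dumps in a scratch directory,
# so it runs without root and without iptables installed.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/good"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' > "$d/truncated"  # no COMMIT
    save_rules "$d/rules.v4" cat "$d/good" || return 1
    save_rules "$d/rules.v4" cat "$d/truncated" 2>/dev/null && return 1
    cmp -s "$d/good" "$d/rules.v4" && rm -rf "$d"
}
```

On CentOS/RHEL the same call takes /etc/sysconfig/iptables as the target, and ip6tables-save with the matching IPv6 file on either family.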