To home page

Saving Iptables rules

How to make Iptables rules persistent after reboot

The iptables firewall in Linux is a powerful tool that allows administrators to precisely control network access, permitting or blocking specific traffic with fine-grained accuracy.

Experienced Linux administrators are likely familiar with the frustration of losing iptables rules after a system reboot. By default, iptables settings are not saved automatically. Once you’ve configured your rules, an additional step is needed to ensure they persist and remain active after restarting the server.

Before proceeding, make sure you have some rules already configured on your system.

Note

The # symbol indicates a command run as root. Open a terminal with root privileges beforehand — sudo -i on Debian-based systems or su on others.

To view your current rules:

# iptables -L

Follow the instructions below depending on your Linux distribution.

Saving Rules on Ubuntu/Debian

To make iptables rules persistent across reboots, install the iptables-persistent package:

# apt install iptables-persistent

During installation, you’ll be prompted to save the current rules. If your rules are already configured, choose “Yes.”

To manually save rules after making changes:

# netfilter-persistent save

The rules are saved in the following files:

/etc/iptables/rules.v4
/etc/iptables/rules.v6

To update the saved rules with new settings:

# iptables-save > /etc/iptables/rules.v4
# ip6tables-save > /etc/iptables/rules.v6

To remove persistent rules, open the corresponding file and delete the lines for the rules you no longer need.

Saving Rules on CentOS/RHEL

For CentOS/RHEL, use the iptables-services package:

# dnf install iptables-services

To save your current rules:

# service iptables save

They will be stored in:

/etc/sysconfig/iptables
/etc/sysconfig/ip6tables

To load the rules automatically on boot, enable the iptables service:

# systemctl enable iptables
# systemctl start iptables

Check the service status:

# systemctl status iptables

To update the saved rules with new changes:

# iptables-save > /etc/sysconfig/iptables
# ip6tables-save > /etc/sysconfig/ip6tables

To remove rules, open the relevant file (/etc/sysconfig/iptables for IPv4 or /etc/sysconfig/ip6tables for IPv6) and delete the lines you don’t need.

Following this approach ensures your firewall rules are preserved and automatically applied at system startup. If you’re using virtual servers or managing infrastructure on dedicated servers, this eliminates the risk of leaving your server unprotected after a reboot.

Need help?Our engineers will help you free of charge with any question in minutesContact us