Saving iptables rules after reboot

Step-by-step guide to configuring automatic saving of iptables rules on Debian, Ubuntu, CentOS, and RHEL.

The iptables firewall is a built-in Linux tool for managing network traffic. It allows you to configure network access by permitting or blocking specific traffic.

By default, iptables rules do not persist across a system reboot. After configuring rules, you need to take additional steps to ensure they remain active after a restart. This is especially important on virtual or dedicated servers, where a reboot without saved rules leaves the server unprotected.

Quick Start

  1. Ensure that iptables rules are configured on your system.
  2. Check current rules with the command:
iptables -L

Note

All commands are executed as root. Open a console with superuser privileges: sudo -i on Debian/Ubuntu or su on other systems.

Saving Rules on Ubuntu/Debian

Install the iptables-persistent package:

apt install iptables-persistent

During installation, you'll be prompted to save current rules. If rules are already configured, select "Yes".

Manual Rule Saving

To save rules after making changes:

netfilter-persistent save

Rules are saved in files:

  • /etc/iptables/rules.v4 — for IPv4.
  • /etc/iptables/rules.v6 — for IPv6.

Updating Rules

Update saved rules:

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

Removing Rules

Open the corresponding file (/etc/iptables/rules.v4 or /etc/iptables/rules.v6) and delete unwanted lines.

Saving Rules on CentOS/RHEL

Install the iptables-services package:

dnf install iptables-services

Saving Current Rules

Save rules with the command:

service iptables save

Rules are written to files:

  • /etc/sysconfig/iptables — for IPv4.
  • /etc/sysconfig/ip6tables — for IPv6.

Autoloading Rules

Enable iptables to start automatically:

systemctl enable iptables
systemctl start iptables

Check service status:

systemctl status iptables

Updating Rules

Update saved rules:

iptables-save > /etc/sysconfig/iptables
ip6tables-save > /etc/sysconfig/ip6tables

Removing Rules

Open the required file (/etc/sysconfig/iptables or /etc/sysconfig/ip6tables) and delete unnecessary lines.
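
Deleting lines by hand, as described in both "Removing Rules" sections, can leave a file that no longer loads the rule set you expect. The shell function below is an added example, not part of the original guide: it lints an iptables-save format file for a table without COMMIT or a rule whose chain declaration (the line that carries the policy) was deleted. The function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: structural lint for an iptables-save format file such as
# /etc/iptables/rules.v4 or /etc/sysconfig/iptables after hand-editing.
# Reads the file named as $1 (or stdin); prints one line per problem and
# returns 0 when clean, 1 otherwise. It does not replace iptables-restore --test.
check_rules_file() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    { sub(/^\[[0-9]+:[0-9]+\] /, "") }           # drop counters written by iptables-save -c
    /^\*/ {                                      # table header, e.g. *filter
        if (table != "") { print "line " NR ": *" table " has no COMMIT"; bad = 1 }
        table = substr($1, 2); split("", chains); next
    }
    $1 == "COMMIT" {
        if (table == "") { print "line " NR ": COMMIT outside a table"; bad = 1 }
        table = ""; next
    }
    table == "" { print "line " NR ": line outside a table"; bad = 1; next }
    /^:/ { chains[substr($1, 2)] = 1; next }     # chain declaration, e.g. :INPUT DROP [0:0]
    $1 == "-A" || $1 == "-I" {                   # rule: its chain must be declared above
        if (!($2 in chains)) { print "line " NR ": chain " $2 " not declared in *" table; bad = 1 }
        next
    }
    { print "line " NR ": unrecognised line"; bad = 1 }
    END {
        if (table != "") { print "end of file: *" table " has no COMMIT"; bad = 1 }
        exit bad + 0
    }' "$@"
}

# Constructed sample: a valid filter table.
good_sample() {
    cat <<'EOF'
# constructed sample
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same file after careless line deletion
# (the :INPUT declaration and the final COMMIT were removed).
broken_sample() { good_sample | grep -v -e '^:INPUT' -e '^COMMIT'; }

good_sample | check_rules_file && echo "good sample: clean"
broken_sample | check_rules_file || echo "broken sample: problems found"
```

Before rebooting, `iptables-restore --test < /etc/iptables/rules.v4` (or the /etc/sysconfig path on CentOS/RHEL) parses the file with the real tool without applying it.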

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!
