I add this rule:
sudo iptables -t nat -A OUTPUT -d a.b.c.d -p tcp \
--dport 1723 -j DNAT --to-destination a.b.c.d:10000
- When restart computer rules are deleted. Why?
- What I can do to make the rules persist?
Asked
Active
Viewed 1.7e+01k times
88
Jeff Schaller
- 66,199
- 35
- 114
- 250
Jhonathan
- 3,525
- 4
- 24
- 23
6 Answers
90
On Debian, install iptables-persistent:
sudo apt-get install iptables-persistent
The package will automatically load /etc/iptables/rules for you during boot.
Any time you modify your rules, run /sbin/iptables-save > /etc/iptables/rules to save them. You can also add that to the shutdown sequence if you like.
stackprotector
- 400
- 2
- 3
- 17
bahamat
- 38,658
- 4
- 70
- 103
-
21There are two different rule files: `/etc/iptables/rules.v4` and `/etc/iptables/rules.v6` for IPv4 and IPv6 respectively. If you want a table to apply to both kinds of connections you have to save it to both rule files. – PetaspeedBeaver Jan 23 '14 at 15:51
-
17**Don't add it to your shutdown sequence!** If you botch your rules during changes/setup at least a good old reboot will get things back to the previously working state. – VertigoRay Feb 27 '17 at 23:03
-
1If you want to save both kinds of rules (IPv4 & IPv6, as described by @PetaspeedBeaver) you need to use the `ip6tables` and `ip6tables-save` command. So, it's `iptables-save > /etc/iptables/rules.v4` for IPv4 iptables rules and `ip6tables-save > /etc/iptables/rules.v6` for IPv6 iptables rules. – miu Aug 30 '23 at 14:13
72
There is no option in iptables which will make your rules permanent. But you can use iptables-save and iptables-restore to fulfill your task.
First add the iptable rule using the command you gave.
Then save iptables rules to some file like /etc/iptables.conf using following command:
$ iptables-save > /etc/iptables.conf
Add the following command in /etc/rc.local to reload the rules in every reboot.
$ iptables-restore < /etc/iptables.conf
pradeepchhetri
- 9,859
- 12
- 51
- 59
-
21On Debian there is the `iptables-persistent` package which will do this. – bahamat Oct 20 '12 at 00:09
-
11It's rather bad idea to place it in `rc.local` since there would be an open window gap between services start and firewall policy apply. I do prefer using `pre-up` *hook for loopback interface* in `/etc/network/interfaces` to overcome this. – poige Oct 20 '12 at 11:07
-
@poige: I agree 100%, `rc.local` might have the intended effect, but it's a kludge in this situation. – J. M. Becker Oct 20 '12 at 14:52
-
3@bahamat: Installing that package is the best solution, It deserves it's own answer. – J. M. Becker Oct 20 '12 at 14:54
-
1
-
1
4
After installing iptables-persistent above you can also save rules with the following shorter command on Ubuntu 16.04+:
sudo netfilter-persistent save
And they can also be restored back to how they were last time you saved them with:
sudo netfilter-persistent reload
Robin Wilson
- 141
- 3
2
Because you did not save the iptables rules.
You can do that by using sudo iptables-save
Sir Muffington
- 739
- 2
- 7
- 21
2
- Install
iptables-persistentpackage - Whenever you change the rules of iptables, you should save the backup into following file using following command:
iptables-save -f /etc/iptables/rules.v4 (for iptables)
iptables-save -f /etc/iptables/rules.v6 (for ip6tables)
Hayk
- 123
- 5
-3
First install the persist iptables (ubunut or debian)
apt install iptables-persistent
Run your statement:
iptables -A INPUT -s 0/0 -p tcp --dport 5433 -j ACCEPT
Then save the settings
iptables-save
Finally restart the machine to verify
reboot
FargolK
- 1,629
- 1
- 12
- 20
Henry Coarite
- 1
- 1
-
1
-
-
`iptables-save` does not save anything. Read the manual: `man iptables-save`. – stackprotector Mar 11 '22 at 15:39