
I am adding a chain using iptables:

iptables -N ETDROP

When I reboot, this is lost. I read of many ways to make iptables rules permanent... however,

You must remember, I am using UFW and UFW has this job of remembering your rules.

So the question is, how do I get UFW to realize that a new rule has just been added directly by iptables?

I tried ufw reload but no cookie.

conanDrum
  • cross-site duplicate: https://serverfault.com/questions/198398/ubuntu-how-to-add-an-iptables-rule-that-ufw-cant-create – user4556274 Jun 22 '19 at 08:45
  • I disagree.... If there is no way for UFW to import iptables then the accepted answer should be "This is impossible. You must use other methods." – conanDrum Jun 22 '19 at 08:49
  • Can ufw actually READ iptables or does it only WRITE? – conanDrum Jun 22 '19 at 08:53
  • The question is wrong. ufw does not have the job of remembering your (iptables) rules; it has the job of remembering the iptables rules _which it added_. ufw is to simplify iptables management for people with simple requirements; not a global replacement for the `iptables` command line. – user4556274 Jun 22 '19 at 08:54
  • Excellent... so you allege that ufw can only WRITE into iptables, never read them. – conanDrum Jun 22 '19 at 08:55
  • No, I'm not alleging that. For example, issue `ufw show raw` for a dump of the netfilter tables. Read the [`ufw` man page](http://manpages.ubuntu.com/manpages/trusty/man8/ufw.8.html) – user4556274 Jun 22 '19 at 09:11
  • That is just informational. ufw cannot act on that. It's just a report and actually has nothing to do with the rules which ufw is managing. – conanDrum Jun 22 '19 at 09:23

2 Answers

iptables rules are not persistent by default. You need to save them and re-load them on startup. There is a package that does that automatically on most distributions.

On Ubuntu, Debian, Mint try:

sudo apt-get install iptables-persistent
Philip Couling

Based on various members' input, it seems that the answer is that:

UFW cannot IMPORT iptables rules, it can only write them.

UFW command->UFW->iptables and never the other way round.

So if you use UFW and want to add some complicated rule, you are stuffed! e.g. adding a zone.

Workarounds

  1. Use only iptables with iptables-persistent to reload its configuration on reboot.
  2. Hybrid solution by editing ufw init files:
    Add your custom iptables-compatible rules in:
    /etc/ufw/before.rules or /etc/ufw/after.rules or /etc/ufw/user.rules
    These will be read by UFW after you restart it.
  3. Hybrid solution by editing startup files e.g. rc.local
    Add your iptables command in a startup script and it will be available after reboot!
conanDrum
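As an added example (not code from either answer or from the ufw project), here is a shell script for workaround 2 that inserts a custom chain into /etc/ufw/before.rules in the format ufw's iptables-restore-style loader expects. The chain name ETDROP comes from the question; the sample networks, the marker comments and the helper names are constructed for this illustration. The script declares the chain in the *filter table header (a chain must be declared before any -A line refers to it) and adds a jump to it from ufw-before-input just before COMMIT, so `ufw reload` or a reboot recreates the chain along with ufw's own rules.

```shell
#!/bin/sh
# Added example: persist a custom iptables chain through ufw by writing it into
# /etc/ufw/before.rules. Not part of the original answers; names below are assumed.
set -eu

# Chain declaration line for the table header, e.g. ":ETDROP - [0:0]".
chain_decl() {
    printf ':%s - [0:0]\n' "$1"
}

# Rules for the chain: drop each listed source network, return otherwise,
# then hook the chain into ufw's before-input chain.
chain_rules() {
    chain=$1; shift
    for net in "$@"; do
        printf '%s\n' "-A $chain -s $net -j DROP"
    done
    printf '%s\n' "-A $chain -j RETURN"
    printf '%s\n' "-A ufw-before-input -j $chain"
}

# Insert the declaration after the "*filter" header and the rules before the
# first COMMIT of that table. A marker comment makes repeated runs a no-op.
# Usage: install_chain /etc/ufw/before.rules ETDROP 203.0.113.0/24 198.51.100.7
install_chain() {
    file=$1; chain=$2; shift 2
    if grep -q "^# BEGIN custom chain $chain" "$file"; then
        return 0   # already installed, leave the file untouched
    fi
    decl=$(chain_decl "$chain")
    rules=$(chain_rules "$chain" "$@")
    awk -v decl="$decl" -v rules="$rules" -v chain="$chain" '
        # declaration goes right after the *filter table header
        /^\*filter$/ && !d { print; print decl; d = 1; next }
        # rules go just before the first COMMIT of that table
        /^COMMIT$/ && d && !r {
            print "# BEGIN custom chain " chain
            print rules
            print "# END custom chain " chain
            r = 1
        }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}
```

Run `install_chain` as root against /etc/ufw/before.rules, then `sudo ufw reload`; the chain then survives reboots because ufw rebuilds it from that file every time it starts. Because the jump is appended at the end of ufw-before-input, it is evaluated after ufw's existing before rules (including the accept for established connections); if the drop must win over those, move the `-A ufw-before-input -j ETDROP` line further up in the file. Keep a copy of the original file before editing it, since a syntax error in before.rules stops ufw from loading any rules at all.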