Introduction

This is on Debian Buster with kernel 4.19.0-6.

I've installed iptables-persistent and netfilter-persistent, both at version 1.0.11,

and added a basic rule to arptables-nft to block all LAN addresses but the default gateway like so:

# arptables-nft -A INPUT -s ! 10.0.0.1 -j DROP

Saving the rules into a file can be done like so:

$ sudo arptables-nft-save >> ~/Desktop/arptable-rules.save
$ less ~/Desktop/arptable-rules.save
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
-A INPUT ! -s 10.0.0.1 --h-length 6 --h-type 1 -j DROP

And the rules can be restored like so:

$ sudo arptables-nft -F
$ sudo arptables-nft-restore < ~/Desktop/arptable-rules.save
$ sudo arptables-nft -L -n
Chain INPUT (policy ACCEPT)
! -s 10.0.0.1 --h-length 6 --h-type 1 -j DROP

Chain OUTPUT (policy ACCEPT)

But for some reason, it does not persist past a reboot. I thought that arptables-nft would be part of the netfilter arp table, but it isn't. Aside from making a startup script (e.g. Making scripts run at boot time with Debian) which runs arptables-nft-restore and perhaps a shutdown script which runs arptables-nft-save, I am not sure how to make the arptables-nft table rules persistent past a reboot.

Question

Is there some way to have the rules automagically save like they do with nft or iptables-persistent and how they handle their tables? Or would writing a startup / shutdown script be less trouble?

seanlum

0 Answers
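One way to get the restore step mentioned in the question run at boot, as an added example that is not part of the original post: a plugin script written in the style of netfilter-persistent's own plugins. The plugin directory /usr/share/netfilter-persistent/plugins.d/ and the start|stop|flush|save arguments are assumed from that package, and the rules path /etc/iptables/rules.arp is a made-up choice. Before feeding the file to arptables-nft-restore it checks that every line has a shape arptables-nft-save produces, so a stale or foreign dump cannot break the boot-time load.

```shell
#!/bin/sh
# Hypothetical netfilter-persistent plugin for arptables-nft (example code,
# not shipped with Debian). Assumed: it lives in
# /usr/share/netfilter-persistent/plugins.d/ and netfilter-persistent runs
# it with one of start|stop|flush|save, so the rules are loaded at boot.

RULES_FILE="${ARPTABLES_RULES_FILE:-/etc/iptables/rules.arp}"

# Accept only the line shapes arptables-nft-save emits (table header,
# chain policies, -A rules, COMMIT, comments). A stale or foreign dump
# (an iptables one, say) must never reach arptables-nft-restore at boot.
validate_rules_file() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -q '^\*filter$' "$f" || return 1
    shape='^(\*filter|:[A-Za-z0-9_-]+ (ACCEPT|DROP|-)( \[[0-9]+:[0-9]+\])?|-A .*|COMMIT|#.*)?$'
    if grep -Ev "$shape" "$f" | grep -q .; then return 1; fi   # unknown line
    return 0
}

load_rules() {
    validate_rules_file "$RULES_FILE" ||
        { echo "$0: refusing to load $RULES_FILE" >&2; return 1; }
    arptables-nft-restore < "$RULES_FILE"
}

save_rules() {
    # write atomically so a crash mid-save cannot leave a truncated file
    tmp="$(mktemp "${RULES_FILE}.XXXXXX")"
    arptables-nft-save > "$tmp" && chmod 0640 "$tmp" && mv "$tmp" "$RULES_FILE"
}

flush_rules() {
    arptables-nft -F
    arptables-nft -P INPUT ACCEPT
    arptables-nft -P OUTPUT ACCEPT
}

plugin_dispatch() {
    case "$1" in
        start|restart|reload|force-reload) load_rules ;;
        stop|flush) flush_rules ;;
        save) save_rules ;;
        *) echo "Usage: $0 {start|stop|flush|save}" >&2; return 1 ;;
    esac
}

# only dispatch when invoked with an action, so the file can also be sourced
if [ "$#" -gt 0 ]; then plugin_dispatch "$@"; fi
```

With the file in place, `netfilter-persistent save` writes the ARP rules next to the IPv4/IPv6 ones and the existing service loads them at boot.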