Questions tagged [iptables-persistent]

36 questions
31 votes, 4 answers

Why isn't the Iptables persistent service saving my changes?

I followed this tutorial to set up IP rules on Ubuntu 12.04. Everything worked fine on setup -- but now I've made changes to the firewall that do not persist upon reboot. I do not understand why that is. Here is a demonstration of how I am using…
bernie2436
5 votes, 3 answers

how to make firewall changes permanent via firewall-cmd?

I am trying to open some ports in CentOS 7. I am able to open a port with the following command: firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 7199 -j ACCEPT By inspecting via iptables -L -n, I get the…
fstab
4 votes, 1 answer

fail2ban with iptables-persistent

I've been running fail2ban for a bit, and recently installed iptables-persistent and am using it with ipset for a blacklist (there's one particular IP that is always hammering away at this machine). The ipset/iptables persistency was a bit of work…
zzxyz
3 votes, 2 answers

Force iptables to immediately put drop rule into effect

I have the following setup: in /etc/iptables/rules.v4 # Generated by iptables-save v1.4.21 on Mon Jul 1 11:32:00 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3:620] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state…
spaceman117X
3 votes, 1 answer

How to save only specific iptables chains?

I need to configure iptables on a Linux machine with running Docker containers. If I save iptables rules with iptables-save > /etc/iptables/rules.v4, rules from all chains will be written to file. But I want to save only INPUT, OUTPUT and…
Marat Safin
3 votes, 3 answers

Persistent iptables

I've just read about iptables-persistent and I'm completely lost w.r.t. the design. I'm not the only one, who didn't understand how it works, but actually it seems to be way beyond my imagination. I imagined something like crontab -e: You edit a set…
maaartinus
3 votes, 1 answer

How to combine iptables rulesets

Say there are several iptables scripts (run at boot time), all of which run something like iptables -A ... to add rules. I'm thinking this could be improved, turning all those shell scripts into text files generated by iptables-save. But I must be…
basic6
2 votes, 0 answers

arptables-nft persistence

Introduction This is on Debian Buster with kernel 4.19.0-6 I've installed iptables-persistent and netfilter-persistent versions 1.0.11 and added a basic rule to arptables-nft to block all LAN addresses but the default gateway like so: #…
seanlum
2 votes, 1 answer

Masquerade rule with netfilter-persistent

I use netfilter-persistent to manage a firewall. I would like to share a connection between two interfaces using masquerading (example, or another). When I run those operations by invoking iptables it works. But if I try to update firewall rules…
2 votes, 4 answers

iptables-persistent blocking any outbound connections

I use iptables-persistent to set firewall rules. This is my standard configuration: *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp --dport 2123 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT…
Nerus
2 votes, 1 answer

Debian 8 iptables-persistent setup is not correct?

I'm renting a VPS with Debian 8 on it. I'm trying to set up my iptables, following this blog: http://bencane.com/2012/09/iptables-linux-firewall-rules-for-a-basic-web-server/ The problem is that my setup doesn't seem to be correct. I first update my…
2 votes, 1 answer

iptables rule in /etc/rc.local are not loaded

/etc/iptables.conf contains a rule to dump my outgoing packets to 10.199 network as, *filter :INPUT ACCEPT [122:9273] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [73:8165] -A OUTPUT -d 10.199.48.0/24 -j REJECT --reject-with…
user93868
2 votes, 2 answers

IPtables reset on reboot, how do I tell what is causing this

Using RHEL, and I have had some "Cyber Security" people work on my server. I'm now using this server in a completely closed environment with no outward network connection, and would like my iptables set to completely off. I have used these…
trueCamelType
1 vote, 1 answer

Debian10 iptables-restore [legacy] just fails with simplest rule

I'm trying to set up a simple firewall with Docker and I wanted to use iptables-restore. I changed the iptables used to legacy (so shouldn't use nftables if I'm right). The problem is that even a file as simple as: *filter :INPUT ACCEPT…
Brummbaer
1 vote, 2 answers

How to get UFW to read current iptables rules after modification? (Ubuntu)

I am adding a chain using iptables: iptables -N ETDROP When I reboot, this is lost. I read of many ways to make iptables rules permanent... however, you must remember, I am using UFW and UFW has this job of remembering your rules. So the question…
conanDrum