+- Post4VPS Forum | Free VPS Provider (https://post4vps.com)
+-- Forum: Geek World (https://post4vps.com/Forum-Geek-World)
+--- Forum: Software (https://post4vps.com/Forum-Software)
+--- Thread: Save iptables on Linux (/Thread-Save-iptables-on-Linux)
Save iptables on Linux - hamed - 06-25-2020
heelo .
i want to save iptables rules for ever in my linux server but when i restart server rules got removed and i should to put iptables commands again to set rules ... how can i save it for ever?
i searched the internet and many users had this problem, but they were not answered correctly.
is there any software that will automatically put the iptables command after restart?
i even wrote that command in crontab so that crontab would enter iptables commands for me after each restart, but he wouldn't do that, I don't know why. (i entered the commands correctly).i'm really confused, I don't know what to do. Please help me .
RE: Save iptables on Linux - Mashiro - 06-25-2020
I find it very difficult to believe that there was no useful information on this subject when you did a search on Google and similar search engines.
When it comes to iptables, I can think of 2 methods:
- iptables-save & iptables-restore (manual method, can be automated through cronjob)
- iptables-persistent (automated method)
iptables-save & iptables-restore
iptables-save
Code:
iptables-save > /etc/iptables/rules.v4 (Debian/Ubuntu)
iptables-save > /etc/sysconfig/iptables (RHEL/CentOS)
ip6tables-save > /etc/iptables/rules.v6 (IPv6 Debian/Ubuntu)
ip6tables-save > /etc/sysconfig/ip6tables (IPv6 RHEL/CentOS)iptables-restore
Code:
iptables-restore > /etc/iptables/rules.v4 (Debian/Ubuntu)
iptables-restore > /etc/sysconfig/iptables (RHEL/CentOS)
ip6tables-restore > /etc/iptables/rules.v6 (IPv6 Debian/Ubuntu)
ip6tables-restore > /etc/sysconfig/ip6tables (IPv6 RHEL/CentOS)To automate this you have to create a cronjob that runs the iptables-restore commands at boot/reboot to load the rules. Don't forget to always save your rules when you add new rules or modify existing rules.
iptables-persistent
iptables-persistent is a software package that you can install with your package manager. It also has a save command that will automatically save IPv4 and IPv6 rules. With this solution you don't require any cronjob to restore the rules. The software will do it for you automatically on boot/reboot.
References
- https://blog.sleeplessbeastie.eu/2018/09/10/how-to-make-iptables-configuration-persistent/ (start reading from "Use boot-time loader for firewall rules")
- https://sharadchhetri.com/save-iptables-permanently-on-ubuntu/
For CentOS 7 and above you no longer really use iptables because RHEL 7 and above comes with firewalld.
To save rules in firewalld you simply add the permanent flag/option to your command.
Example:
Code:
firewall-cmd --zone=public --add-port=80/tcp --permanentAfter that reload the rules to apply the rule as it is not instantly applied like with iptables:
Code:
firewall-cmd --reloadOf course you can actually disable firewalld and use iptables: https://serverfault.com/a/739465
RE: Save iptables on Linux - humanpuff69 - 06-26-2020
for me i use iptables-persistent package . on ubuntu i just use apt-get install iptables-persistent to install it
another alternative is to save the iptables each time you make a changes that works and make a startup script to import the saved iptables
but for easier use . use ufw instead . it is much easier than iptables and persistence .