06-25-2020, 03:05 PM
I find it very difficult to believe that there was no useful information on this subject when you did a search on Google and similar search engines.
When it comes to iptables, I can think of 2 methods:
- iptables-save & iptables-restore (manual method, can be automated through cronjob)
- iptables-persistent (automated method)
iptables-save & iptables-restore
iptables-save
```
iptables-save > /etc/iptables/rules.v4        # Debian/Ubuntu
iptables-save > /etc/sysconfig/iptables       # RHEL/CentOS
ip6tables-save > /etc/iptables/rules.v6       # IPv6 Debian/Ubuntu
ip6tables-save > /etc/sysconfig/ip6tables     # IPv6 RHEL/CentOS
```
iptables-restore
```
# iptables-restore reads the saved rules from standard input, so redirect with "<"
iptables-restore < /etc/iptables/rules.v4        # Debian/Ubuntu
iptables-restore < /etc/sysconfig/iptables       # RHEL/CentOS
ip6tables-restore < /etc/iptables/rules.v6       # IPv6 Debian/Ubuntu
ip6tables-restore < /etc/sysconfig/ip6tables     # IPv6 RHEL/CentOS
```
To automate this you have to create a cronjob that runs the iptables-restore commands at boot/reboot to load the rules. Don't forget to always save your rules when you add new rules or modify existing rules.
iptables-persistent
iptables-persistent is a software package that you can install with your package manager. It also has a save command that will automatically save IPv4 and IPv6 rules. With this solution you don't require any cronjob to restore the rules. The software will do it for you automatically on boot/reboot.
References
- https://blog.sleeplessbeastie.eu/2018/09...ersistent/ (start reading from "Use boot-time loader for firewall rules")
- https://sharadchhetri.com/save-iptables-...on-ubuntu/
For CentOS 7 and above you no longer really use iptables because RHEL 7 and above comes with firewalld.
To save rules in firewalld you simply add the permanent flag/option to your command.
Example:
```
firewall-cmd --zone=public --add-port=80/tcp --permanent
```
After that reload the rules to apply the rule as it is not instantly applied like with iptables:
```
firewall-cmd --reload
```
Of course you can actually disable firewalld and use iptables: https://serverfault.com/a/739465
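Added example, not part of the original post: a boot-time loader for the cronjob method described above that refuses an empty or world-writable rules file and dry-runs the ruleset with `--test` before applying it. The script path in the cron line and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: boot-time loader that checks a saved ruleset before applying it.
# The script path in the cron line below is an assumption; adjust to your host.
#   root crontab:  @reboot /usr/local/sbin/load-firewall.sh --apply

# load_rules RESTORE_CMD RULES_FILE
# Returns 0 applied, 1 file missing/empty, 4 file world-writable,
#         2 rejected by the dry run, 3 apply failed.
load_rules() {
    restore_cmd=$1
    rules=$2

    # Nothing saved means nothing to load; report it instead of silently
    # booting with no rules.
    if [ ! -s "$rules" ]; then
        echo "load_rules: no saved rules in $rules" >&2
        return 1
    fi

    # Whoever can write this file decides the firewall after the next reboot.
    # Character 9 of the ls mode string is the "other" write bit.
    case $(ls -ldL "$rules") in
        ????????w*)
            echo "load_rules: $rules is world-writable, refusing" >&2
            return 4 ;;
    esac

    # --test parses and builds the ruleset without committing it.
    if ! "$restore_cmd" --test < "$rules"; then
        echo "load_rules: $rules failed the dry run, running rules left untouched" >&2
        return 2
    fi

    "$restore_cmd" < "$rules" || return 3
}

# Debian/Ubuntu paths from the post; use /etc/sysconfig/iptables and
# /etc/sysconfig/ip6tables on RHEL/CentOS.
if [ "${1:-}" = "--apply" ]; then
    load_rules iptables-restore /etc/iptables/rules.v4 || exit $?
    load_rules ip6tables-restore /etc/iptables/rules.v6 || exit $?
fi
```

A non-zero exit from the cron job is worth alerting on, since it means the host came up without its saved ruleset.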