If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.
First, get your iptables rules set up the way you like them. Once you’ve verified that everything works, save the rules:
iptables-save > /etc/firewall.conf |
Next, open up /etc/network/if-up.d/iptables in your favorite text editor and add the following:
#!/bin/sh iptables-restore < /etc/firewall.conf |
Once you save it, make it executable:
chmod +x /etc/network/if-up.d/iptables |
Now, the rules will be restored each time your networking scripts start (or restart). If you need to save changes to your rules in the future, you can manually edit /etc/firewall.conf or you can adjust your rules live and run:
iptables-save > /etc/firewall.conf |
Thanks to Ant for this handy tip.
[...] you’ve run these you can save them so they execute every time your VM boots by following these quick instructions. This completes the server side [...]
Thanks for the post but quick question, what’s the difference between doing this and just setting a line in /etc/network/interfaces?
pre-up iptables-restore < /etc/iptables.up.rules
Thanks!
Bartek:
That method would have the same effect. I normally just try to keep the
/etc/network/interfacesclear of extra stuff, but that’s just my own personal preference. ;-)[...] Red Hat-based distributions offer /etc/init.d/iptables save, but Debian and Ubuntu require some manual labor. An errant reboot would easily take out your unsaved rules, so save them often. This entry was [...]
Hi,I have some problems about iptables rules under Ubuntu .
Is it necessary to create some script llike that to build the firewall,Will the rules got lost when I restart the server.
I create a simple firewall with the function of NAT,then restart the server.
type commands below in the terminal:
iptables -L -v
But display nothing.
And it seemd that the NAT function and the rules made last time are still available to use.
Hoping for your email.
Thanks.
Kit –
Two have iptables start automatically with your ruleset, you have to do two things: save your ruleset somewhere and apply it at boot time. The documentation above shows you how to do that. If you simply apply your rules and reboot, your rules will be lost as soon as the machine powers down.
[...] http://rackerhacker.com/2009/11/16/automatically-loading-iptables-on-debianubuntu/ Digg this postRecommend on FacebookBuzz it upshare via RedditShare with StumblersTweet about [...]
Hello,
thank you for this howto. It really helped me.
Do you maybe also have a howto for a dns update script? I need a script that checks my dns adresses every 5 minutes for a ip change and update the FW if the ip is indeed changed.
[...] Red Hat-based distributions offer /etc/init.d/iptables save, but Debian and Ubuntu require some manual labor. An errant reboot would easily take out your unsaved rules, so save them often. This entry was [...]
Thanks!
This is the cleanest way i have seen to accomplish this.
Coupled with iptables country blocking tuturial below, its the best way to get the Chinese Robots / Hackers to stop wasting my bandwidth.
http://roberthaddon.blogspot.com
Thank you, very helpful.