I add this rule:
sudo iptables -t nat -A OUTPUT -d a.b.c.d -p tcp \
--dport 1723 -j DNAT --to-destination a.b.c.d:10000
- When restart computer rules are deleted. Why?
- What I can do to make the rules persist?
Add a comment
|
6 Answers
On Debian, install iptables-persistent:
sudo apt-get install iptables-persistent
The package will automatically load /etc/iptables/rules for you during boot.
Any time you modify your rules, run /sbin/iptables-save > /etc/iptables/rules.v4 to save them. You can also add that to the shutdown sequence if you like.
-
21There are two different rule files:
/etc/iptables/rules.v4and/etc/iptables/rules.v6for IPv4 and IPv6 respectively. If you want a table to apply to both kinds of connections you have to save it to both rule files.PetaspeedBeaver– PetaspeedBeaver2014-01-23 15:51:37 +00:00Commented Jan 23, 2014 at 15:51 -
19Don't add it to your shutdown sequence! If you botch your rules during changes/setup at least a good old reboot will get things back to the previously working state.VertigoRay– VertigoRay2017-02-27 23:03:14 +00:00Commented Feb 27, 2017 at 23:03
-
1If you want to save both kinds of rules (IPv4 & IPv6, as described by @PetaspeedBeaver) you need to use the
ip6tablesandip6tables-savecommand. So, it'siptables-save > /etc/iptables/rules.v4for IPv4 iptables rules andip6tables-save > /etc/iptables/rules.v6for IPv6 iptables rules.miu– miu2023-08-30 14:13:38 +00:00Commented Aug 30, 2023 at 14:13
There is no option in iptables which will make your rules permanent. But you can use iptables-save and iptables-restore to fulfill your task.
First add the iptable rule using the command you gave.
Then save iptables rules to some file like /etc/iptables.conf using following command:
$ iptables-save > /etc/iptables.conf
Add the following command in /etc/rc.local to reload the rules in every reboot.
$ iptables-restore < /etc/iptables.conf
answered Oct 19, 2012 at 22:01
-
22On Debian there is the
iptables-persistentpackage which will do this.bahamat– bahamat2012-10-20 00:09:19 +00:00Commented Oct 20, 2012 at 0:09 -
12It's rather bad idea to place it in
rc.localsince there would be an open window gap between services start and firewall policy apply. I do prefer usingpre-uphook for loopback interface in/etc/network/interfacesto overcome this.poige– poige2012-10-20 11:07:10 +00:00Commented Oct 20, 2012 at 11:07 -
4@bahamat: Installing that package is the best solution, It deserves it's own answer.J. M. Becker– J. M. Becker2012-10-20 14:54:20 +00:00Commented Oct 20, 2012 at 14:54
-
1
-
1did not work for me on Raspbian Jessie ...Flash Thunder– Flash Thunder2017-01-29 14:12:15 +00:00Commented Jan 29, 2017 at 14:12
After installing iptables-persistent above you can also save rules with the following shorter command on Ubuntu 16.04+:
sudo netfilter-persistent save
And they can also be restored back to how they were last time you saved them with:
sudo netfilter-persistent reload
Because you did not save the iptables rules.
You can do that by using sudo iptables-save
answered May 27, 2020 at 23:35
-
2That command only shows the rules on the console.PhoneixS– PhoneixS2020-09-29 16:34:01 +00:00Commented Sep 29, 2020 at 16:34
- Install
iptables-persistentpackage - Whenever you change the rules of iptables, you should save the backup into following file using following command:
iptables-save -f /etc/iptables/rules.v4 (for iptables)
iptables-save -f /etc/iptables/rules.v6 (for ip6tables)
First install the persist iptables (ubunut or debian)
apt install iptables-persistent
Run your statement:
iptables -A INPUT -s 0/0 -p tcp --dport 5433 -j ACCEPT
Then save the settings
iptables-save
Finally restart the machine to verify
reboot
-
1
-
duplicate answer of unix.stackexchange.com/a/52522/72456αғsнιη– αғsнιη2021-08-17 14:17:49 +00:00Commented Aug 17, 2021 at 14:17
-
iptables-savedoes not save anything. Read the manual:man iptables-save.stackprotector– stackprotector2022-03-11 15:39:38 +00:00Commented Mar 11, 2022 at 15:39