1

I am adding a chain using iptables:

iptables -N ETDROP

When I reboot, this is lost. I read of many ways to make iptables rules permanent... however

You must remember, I am using UFW and UFW has this job of remembering your rules.

So the question is, how do I get UFW to realize that a new rule has just been added directly by iptables?

I tried ufw reload but no cookie.

7
  • cross-site duplicate: serverfault.com/questions/198398/… Commented Jun 22, 2019 at 8:45
  • I disagree.... If there is no way for UFW to import iptables then the accepted answer should be "This is impossible. you must use other methods." Commented Jun 22, 2019 at 8:49
  • Can ufw actually READ iptables or does it only WRITE? Commented Jun 22, 2019 at 8:53
  • The question is wrong. ufw does not have the job of remembering your (iptables) rules; it has the job of remembering the iptables rules which it added. ufw is to simplify iptables management for people with simple requirements; not a global replacement for the iptables command line. Commented Jun 22, 2019 at 8:54
  • excellent.. so you allege that ufw can only WRITE into iptables... never read them Commented Jun 22, 2019 at 8:55

2 Answers 2

0

iptables rules are not persistent by default. You need to save them and re-load them on startup. There is a package to do that automatically on most distributions.

On Ubuntu, Debian, Mint try:

sudo apt-get install iptables-persistent
1
  • I know that, but it should not be necessary as UFW does exactly that Commented Jun 22, 2019 at 8:04
0

Based on various members' input, it seems that the answer is that:

UFW cannot IMPORT iptables rules, it can only write them.

UFW command->UFW->iptables and never the other way round.

So if you use UFW and want to add some complicated rule, you are stuffed! e.g. adding a zone.

Workarounds

  1. Use only iptables with iptables-persistent to reload its configuration on reboot.
  2. Hybrid solution by editing ufw init files:
    Add your custom iptables 'compatible' rules in:
    /etc/ufw/before.rules or /etc/ufw/after.rules or /etc/ufw/user.rules
    These will be read by UFW after you restart it.
  3. Hybrid solution by editing startup files e.g. rc.local
    Add your iptables command in a startup script and it will be available after reboot!
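
Workaround 2 above, sketched as an added example (not code from the answer or from ufw): the ufw rules files use iptables-restore syntax, so the ETDROP chain from the question is declared with a `:ETDROP - [0:0]` line inside the `*filter` table. The `add_chain` and `make_sample` helpers and the sample file contents are constructed for illustration; on a real host the target would be /etc/ufw/before.rules or /etc/ufw/after.rules, edited as root.

```shell
#!/bin/sh
# add_chain FILE CHAIN
# Insert ":CHAIN - [0:0]" directly after the "*filter" line of an
# iptables-restore style rules file. Idempotent: a chain that is already
# declared is left alone. Returns non-zero if the file has no *filter table.
add_chain() {
    file=$1
    chain=$2
    # Already declared? Nothing to do.
    grep -q "^:${chain} " "$file" && return 0
    # Refuse to touch a file without a filter table.
    grep -q '^\*filter$' "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v decl=":${chain} - [0:0]" '
        { print }
        /^\*filter$/ && !seen { print decl; seen = 1 }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample with the same layout as a ufw rules file.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real ufw file
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
COMMIT
EOF
}

# Demo on a temporary copy; running it twice still yields one declaration.
demo=$(mktemp)
make_sample "$demo"
add_chain "$demo" ETDROP
add_chain "$demo" ETDROP
cat "$demo"
rm -f "$demo"
```

After editing the real file, restart ufw so the file is read again. /etc/ufw/user.rules is maintained by the ufw command itself, so before.rules or after.rules is the safer place for hand edits.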
