Save iptables Rules After Reboot

This guide explains how to keep your Linux firewall rules (iptables) safe even after a reboot. We’ll use simple commands and examples for Ubuntu, CentOS 7, and other Linux systems.

---

Why Save iptables Rules?

iptables is like a security guard for your Linux system. It controls incoming and outgoing traffic. But by default, iptables rules disappear after a reboot. This guide shows you how to make them permanent.

---

3 Easy Ways to Save iptables Rules

1. Manual Method: Save and Restore Rules

This works on all Linux systems (Ubuntu, CentOS, etc.).

Steps:

1. Save your current rules to a file:

   sudo iptables-save > /home/user/my_iptables_rules.txt  

   (Replace /home/user/ with your home folder.)

2. Restore rules after reboot by adding this line to /etc/rc.local (a startup script):

   sudo iptables-restore < /home/user/my_iptables_rules.txt  

Example:

• You block a malicious IP (192.168.1.100) with:

  sudo iptables -A INPUT -s 192.168.1.100 -j DROP  

• Save it with:

  sudo iptables-save > /home/user/block_malicious_ip.txt  

Fix Common Errors:

• “Permission denied”: Use sudo before commands.
• “Command not found”: Install iptables with sudo apt install iptables (Ubuntu) or sudo yum install iptables (CentOS).

---

2. Ubuntu/Debian: Use iptables-persistent

This tool automatically saves and restores rules.

Steps:

1. Install it:

   sudo apt update  
   sudo apt install iptables-persistent  

2. During installation, say “Yes” to save current rules.

3. To save rules later:

   sudo netfilter-persistent save  

Example:

• You allow SSH (port 22) with:

  sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT  

• Save it with:

  sudo netfilter-persistent save  

Where Are Rules Stored?

• IPv4 rules: /etc/iptables/rules.v4
• IPv6 rules: /etc/iptables/rules.v6

---

3. CentOS 7: Use iptables-services

CentOS 7 uses firewalld by default, but you can switch to iptables.

Steps:

1. Stop and disable firewalld:

   sudo systemctl stop firewalld  
   sudo systemctl disable firewalld  

2. Install iptables services:

   sudo yum install iptables-services  

3. Save rules:

   sudo service iptables save  

4. Start iptables on boot:

   sudo systemctl enable iptables  
   sudo systemctl start iptables  

Example:

• You block ping requests with:

  sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP  

• Save it with:

  sudo service iptables save  

---

Troubleshooting

Problem 1: Rules Disappear After Reboot

• Fix: Check if you saved rules correctly (e.g., sudo netfilter-persistent save on Ubuntu).
• Check: Look for errors in /var/log/syslog or journalctl -xe.

Problem 2: “iptables-save Permission Denied”

• Fix: Always use sudo (e.g., sudo iptables-save).

Problem 3: Conflict with firewalld (CentOS)

• Fix: Either stick to firewalld or fully switch to iptables (as shown above).

---

Best Practices

1. Backup Rules: Save rules before making changes.

   sudo iptables-save > /home/user/backup_rules.txt  

2. Test Rules: Apply rules temporarily (sudo iptables-restore < file.txt) and test before saving.
3. Add Comments: Use -m comment --comment "My rule" to explain rules.

---

Conclusion

Now you know how to save iptables rules permanently on any Linux system! Use:

• Manual method (for all systems),
• iptables-persistent (Ubuntu/Debian), or
• iptables-services (CentOS 7).

For more help, check:

• man iptables (manual page)
• Netfilter Docs

---