How to Save Iptables Rules Permanently

By default, iptables rules are note saved permanently. They are reset when you reboot your Linux system. In other words, all your iptables changes will be lost when you reboot your Linux system. In this article we will look at how to save Iptables rules permanently. There are a couple of ways to create persistent iptables rules. We will look at each of them one by one.


How to Save Iptables Rules Permanently

Basically we need to save iptables configuration onto a file using iptables-save command and then restore this file on reboot, using iptables-restore command.

Here is the syntax for iptables-save and iptables-restore commands

iptables-save > /path/to/file
iptables-restore < /path/to/file

Also read : How to Convert string to UTF-8 in Python


Save iptables rules

Open terminal and run the following command to save iptables configuration to a file of your choice (e.g. /etc/iptables.conf)

$ sudo iptables-save > /etc/iptables.conf

Please note, you need to run the above command every time you make changes to iptables on your system. It basically copies the latest iptables to the specified file.

Also read : How to Undo Git Commit


Restore iptables

You need to run the following command to restore iptables configuration

$ sudo iptables-restore < /etc/iptables.conf

Now the problem is that this command needs to be run every time your system reboots because iptables changes are reset on reboot and all your changes will be lost. So we add the above command at any of the locations such as /etc/rc.local that is used by Ubuntu to run startup scripts.

Using rc.local

We add the above command to /etc/rc.local which is run every time your system reboots. If it does not exist on your system, then run the following command to create it.

$ sudo vi /etc/rc.local

Add the following lines to it. It contains the default configuration as well as the command to restore iptables (in bold)

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

sudo iptables-restore < /etc/iptables.conf

exit 0

Save and close the file. Update its permissions to make it executable.

$ sudo chmod +x /etc/rc.local

That’s it. Now your linux system will automatically run the above script every time at reboot and thereby load iptables configuration.

Also read : How to Delete Lines in VI Editor


Using Crontab

Alternatively, you can load iptables as a cronjob on reboot. Run the following command to open crontab file.

$ sudo crontab -e

It will open the list of cronjobs in a text editor.

Add the following line to it

@reboot sudo iptables-restore < /etc/iptables.conf

@reboot indicates that the command needs to be run at every reboot. Save and close the file to apply changes.

Also read : How to Install NGINX with GeoIP Module


Using iptables-persistent (Debian/Ubuntu only)

Debian/Ubuntu users can also install iptables-persistent package which will automatically restore iptables on reboot. If you install this package then you don’t need to run iptables-restore command explicitly. This package will take care of it. Here is the command to install iptables-persistent.

$ sudo apt install iptables-persistent
## OR ##
$ sudo apt-get install iptables-persistent

Please note, if you have ufw or firewalld commands running on your system, then iptables-persistent will conflict with them and should be avoided.

In this tutorial, you have learnt how to save iptables configuration. You have also learnt the different ways to restore iptables configuration on system reboot.

Also read: How to Configure Iptables in Linux (Step by Step)