====== Automatic load of iptables rules on Ubuntu ======

The fact that iptables is empty on each boot is both beautiful and irritating! You can mess everything up and just reboot the PC to get a clean start (or just empty the rules, to be faster). But what if you want the rules to apply even after a reboot? Here are a few ways to do this:

  - Create a save/restore script in the if-up.d/if-down.d folders
  - Create a save/restore script that runs on boot/shutdown
  - Use iptables-persistent

===== The if-up.d and if-down.d method =====

The simplest way is to add a script called iptables in the /etc/network/if-up.d directory

<code bash>
#!/bin/sh
iptables-restore < /etc/firewall.conf
</code>

And another script called iptables in the /etc/network/if-down.d directory

<code bash>
#!/bin/sh
iptables-save > /etc/firewall.conf
</code>

Make them both executable (chmod +x iptables). Every time an interface goes up, the first script restores all the rules, and every time an interface goes down, the second script saves them. Note that /etc/firewall.conf must already be populated with rules, so make sure to run iptables-save once you have configured all the rules.

===== The startup and shutdown method =====

This can be done either through /etc/rc.local or crontab:

A=> In /etc/rc.local, place the iptables-restore command before the **exit 0** line\\
B=> Run **crontab -e** and create this entry: **@reboot /path/to/script** (the restore script, of course)

To save the iptables rules, place the iptables-save script inside the /etc/rc6.d directory, and make sure that the name starts with K99. For example, the executable file /etc/rc6.d/K99iptables

===== The iptables-persistent method =====

Simply install iptables-persistent by issuing this command

<code bash>
sudo apt-get install iptables-persistent
</code>

and follow the prompts.
When asked, hit 'Yes' to save the current rules (on both prompts). Now, upon reboot, iptables will be populated with the current rules. If for any reason you want to change the rules, you can do so, but you have to issue these commands afterwards:

<code bash>
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'
</code>

The first one saves the v4 rules, and the second one saves the v6 rules (if used). If you don't do this, the modifications will be lost after reboot (which could be useful).

linux/networking/iptables.txt Last modified: 2019/10/31 09:05 by 127.0.0.1
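
The save and restore steps of the if-up.d/if-down.d method, guarded against two failure modes, as an added example that is not part of the original page: a failed save that would leave /etc/firewall.conf empty, and a restore from a missing or unparsable file. The names RULES, IPT_SAVE and IPT_RESTORE and the save/restore arguments are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page). RULES, IPT_SAVE and IPT_RESTORE
# are assumed names; they are overridable and their defaults match the page.
RULES="${RULES:-/etc/firewall.conf}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# "iptables-save > file" truncates the file before the dump runs, so a failed
# dump leaves an empty rules file. Dump to a temp file in the same directory
# (mktemp creates it mode 0600) and rename it into place only if it is complete.
save_rules() {
    tmp="$(mktemp "${RULES}.XXXXXX")" || return 1
    if $IPT_SAVE > "$tmp" && grep -q '^COMMIT$' "$tmp"; then
        mv -f "$tmp" "$RULES"
    else
        rm -f "$tmp"
        echo "save_rules: dump failed or incomplete, keeping old $RULES" >&2
        return 1
    fi
}

# Refuse an empty file, then let iptables-restore parse it with --test
# (nothing is committed) before loading it for real.
restore_rules() {
    if [ ! -s "$RULES" ]; then
        echo "restore_rules: $RULES is missing or empty" >&2
        return 1
    fi
    if ! $IPT_RESTORE --test < "$RULES"; then
        echo "restore_rules: $RULES does not parse, rules left unchanged" >&2
        return 1
    fi
    $IPT_RESTORE < "$RULES"
}

# Called as "<script> save" or "<script> restore"; with no argument it only
# defines the functions.
case "${1:-}" in
    save)    save_rules ;;
    restore) restore_rules ;;
esac
```

The scripts in /etc/network/if-up.d and /etc/network/if-down.d then reduce to one line each that calls this file with restore or save.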