The fact that iptables is empty on each boot is both beautiful and irritating! You can mess everything up and just reboot the PC to get a clean start (or just empty the rules, to be faster). But what if you want the rules to apply even after a reboot? Here are a few ways to do this:
The simplest way is to add a script called iptables in the /etc/network/if-up.d directory
#!/bin/sh
iptables-restore < /etc/firewall.conf
And another script called iptables in the /etc/network/if-down.d directory
#!/bin/sh
iptables-save > /etc/firewall.conf
Make them both executable (chmod +x iptables). Every time an interface goes up, the rules are restored, and every time an interface goes down, the rules are saved. Note that /etc/firewall.conf must already be populated with rules, so make sure to run iptables-save once you have configured all the rules.
This can be done either through /etc/rc.local or crontab
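Because the restore script trusts whatever is in /etc/firewall.conf, a hardened variant can check the file before loading it. The following is an added example, not part of the original page; the helper names rules_file_ok and restore_rules are hypothetical, and it assumes ifupdown starts hook scripts by their full path.

```sh
#!/bin/sh
# Added example: hardened /etc/network/if-up.d/iptables (not the page's script).
RULES_FILE="${RULES_FILE:-/etc/firewall.conf}"   # path used on the page

# rules_file_ok FILE (hypothetical helper)
# Returns 0 if FILE is safe to feed to iptables-restore, otherwise:
#   1 = missing, empty, or a symlink
#   2 = writable by group or others
#   3 = no table section, or a section without its COMMIT (truncated save)
rules_file_ok() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    # ls -ld prints e.g. "-rw-r--r--"; char 6 is group write, char 9 other write
    case "$(ls -ld "$f")" in
        ?????w*|????????w*) return 2 ;;
    esac
    # iptables-save writes one "*table" header and one "COMMIT" per table
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ] || return 3
    return 0
}

# restore_rules (hypothetical helper): validate, dry-run, then apply.
restore_rules() {
    rules_file_ok "$RULES_FILE" || {
        echo "iptables: refusing to restore $RULES_FILE (check $?)" >&2
        return 1
    }
    # --test parses and builds the ruleset without committing it
    iptables-restore --test < "$RULES_FILE" || return 1
    iptables-restore < "$RULES_FILE"
}

# Assumption: ifupdown's run-parts starts hook scripts by their full path,
# so this only fires when the file is installed under if-up.d.
case "$0" in
    */if-up.d/*) restore_rules ;;
esac
```

Keep /etc/firewall.conf owned by root with mode 600 so the permission check passes and unprivileged users cannot alter the rules that get loaded.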
A⇒ Place the iptables-restore command before the exit 0 line
B⇒ Run crontab -e and create this entry: @reboot /path/to/script (the restore script, of course)
To save the iptables rules, place the iptables-save script inside the /etc/rc6.d directory, and make sure that the name starts with K99. For example, the executable file /etc/rc6.d/K99iptables
Simply install iptables-persistent by issuing this command
sudo apt-get install iptables-persistent
and follow the prompts. When asked, hit 'Yes' to save the current rules (on both prompts). Now, upon reboot, iptables will be populated with the current rules.
If you for any reason want to change the rules, you can do so, but you have to issue these commands afterwards:
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'
The first one to save the v4 rules, and the second one to save the v6 rules (if used).
If you don't do this, the modifications will be lost after reboot (which could be useful).