Automatically loading iptables rules on Debian/Ubuntu

If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.

First, get your iptables rules set up the way you like them. Once you've verified that everything works, save the rules:

iptables-save > /etc/firewall.conf

Next, open up /etc/network/if-up.d/iptables in your favorite text editor and add the following:

#!/bin/sh
iptables-restore < /etc/firewall.conf

Once you save it, make it executable:

chmod +x /etc/network/if-up.d/iptables

Now, the rules will be restored each time your networking scripts start (or restart). If you need to save changes to your rules in the future, you can manually edit /etc/firewall.conf or you can adjust your rules live and run:

iptables-save > /etc/firewall.conf

Thanks to Ant for this handy tip.

This entry was posted on 16/11/2009 (Monday) at 10:39 pm and is filed under Blog Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Printed from: http://rackerhacker.com/2009/11/16/automatically-loading-iptables-on-debianubuntu/ .
© Major Hayden 2012.

5 Comments   »

  • Bartek says:
    17.11.09 at 08:22

    Thanks for the post but quick question, what's the difference between doing this and just setting a line in /etc/network/interfaces?

    pre-up iptables-restore < /etc/iptables.up.rules

    Thanks!

  • major says:
    17.11.09 at 08:26

    Bartek:

    That method would have the same effect. I normally just try to keep the /etc/network/interfaces clear of extra stuff, but that's just my own personal preference. ;-)

  • kit says:
    01.08.10 at 03:54

    Hi,I have some problems about iptables rules under Ubuntu .
    Is it necessary to create some script llike that to build the firewall,Will the rules got lost when I restart the server.

    I create a simple firewall with the function of NAT,then restart the server.
    type commands below in the terminal:
    iptables -L -v

    But display nothing.
    And it seemd that the NAT function and the rules made last time are still available to use.

    Hoping for your email.
    Thanks.

  • Major Hayden says:
    02.08.10 at 07:29

    Kit -

    Two have iptables start automatically with your ruleset, you have to do two things: save your ruleset somewhere and apply it at boot time. The documentation above shows you how to do that. If you simply apply your rules and reboot, your rules will be lost as soon as the machine powers down.

  • Henkske says:
    30.12.10 at 15:30

    Hello,

    thank you for this howto. It really helped me.

    Do you maybe also have a howto for a dns update script? I need a script that checks my dns adresses every 5 minutes for a ip change and update the FW if the ip is indeed changed.


Trackbacks/Pingbacks

  1. Circumventing Hulu Regional Restrictions in Mac OS X | langui.sh
  2. Best practices: iptables | Racker Hacker
  3. Cargar reglas iptables automáticamente | pienso luego insisto
  4. Edno360 - Best practices: iptables

RSS feed for comments on this post

Leave a Reply

 

  • Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you find the information useful. If you spot something that's incorrect or confusing, please write a comment and let me know. Drop me a line if there's something you want to know more about and I'll do my best to write a post on the topic.
    -- Major Hayden

    Flattr this