If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.
First, get your iptables rules set up the way you like them. Once you've verified that everything works, save the rules:
iptables-save > /etc/firewall.conf
Next, open up /etc/network/if-up.d/iptables in your favorite text editor and add the following:
#!/bin/sh iptables-restore < /etc/firewall.conf
Once you save it, make it executable:
chmod +x /etc/network/if-up.d/iptables
Now, the rules will be restored each time your networking scripts start (or restart). If you need to save changes to your rules in the future, you can manually edit /etc/firewall.conf or you can adjust your rules live and run:
iptables-save > /etc/firewall.conf
Thanks to Ant for this handy tip.
Thanks for the post but quick question, what's the difference between doing this and just setting a line in /etc/network/interfaces?
pre-up iptables-restore < /etc/iptables.up.rules
Thanks!
Bartek:
That method would have the same effect. I normally just try to keep the
/etc/network/interfacesclear of extra stuff, but that's just my own personal preference.Hi,I have some problems about iptables rules under Ubuntu .
Is it necessary to create some script llike that to build the firewall,Will the rules got lost when I restart the server.
I create a simple firewall with the function of NAT,then restart the server.
type commands below in the terminal:
iptables -L -v
But display nothing.
And it seemd that the NAT function and the rules made last time are still available to use.
Hoping for your email.
Thanks.
Kit -
Two have iptables start automatically with your ruleset, you have to do two things: save your ruleset somewhere and apply it at boot time. The documentation above shows you how to do that. If you simply apply your rules and reboot, your rules will be lost as soon as the machine powers down.