If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.
First, get your iptables rules set up the way you like them. Once you've verified that everything works, save the rules:
iptables-save > /etc/firewall.conf
Next, open up /etc/network/if-up.d/iptables in your favorite text editor and add the following:
#!/bin/sh iptables-restore < /etc/firewall.conf
Once you save it, make it executable:
chmod +x /etc/network/if-up.d/iptables
Now, the rules will be restored each time your networking scripts start (or restart). If you need to save changes to your rules in the future, you can manually edit /etc/firewall.conf or you can adjust your rules live and run:
iptables-save > /etc/firewall.conf
Thanks to Ant for this handy tip.
Thanks for the post but quick question, what's the difference between doing this and just setting a line in /etc/network/interfaces?
pre-up iptables-restore < /etc/iptables.up.rules
Thanks!
Bartek:
That method would have the same effect. I normally just try to keep the
/etc/network/interfacesclear of extra stuff, but that's just my own personal preference.