Save iptables permanently on Ubuntu

In this post we will learn how to save iptables rules permanently on Ubuntu. When we work on Red Hat based operating systems like RHEL and CentOS, we can permanently set the iptables rules in the /etc/sysconfig/iptables file.
When you work on the Ubuntu operating system, you may find you are only able to set iptables rules temporarily. After you use the iptables command and the system is restarted, the iptables rules will be cleared.
To make the iptables rules permanent on an Ubuntu system, we will use the package called iptables-persistent.

Follow the steps given below to set the iptables rules permanently on an Ubuntu system.

Step 1: Install iptables-persistent package

During installation of iptables-persistent, a screen will ask you to choose the IPv4 and IPv6 rule sets to be installed.

The screen below is for selecting IPv4:
[Screenshot: IPv4 prompt]

The screen below is for selecting IPv6 (if you do not want to install for IPv6, select no):
[Screenshot: IPv6 prompt]

Step 2: The installation will take a few seconds or minutes. After the installation of iptables-persistent has completed, start the service.

NOTE: In the same way, you can also restart, stop or reload the service.

For stopping iptables-persistent service

For restarting iptables-persistent service

For reloading iptables-persistent service

Step 3: The iptables-persistent service should be running. Now you can set the iptables rules and save them for the applicable IP version (i.e. IPv4 or IPv6).

For example, we want to set iptables (IPv4) rules for ports 27017 and 28017 (i.e. MongoDB).

This is the important part. After setting the rules, we will save them in the /etc/iptables/rules.v4 file. Run the command below.

Alternatively, rather than using the iptables-save command, you can also edit the /etc/iptables/rules.v4 file.

Be careful: the rules should be written above the COMMIT line. See the example given below.

root@ubuntu:~# cat /etc/iptables/rules.v4
# Generated by iptables-save v1.4.12 on Sun Feb 16 14:29:05 2014
*filter
:INPUT ACCEPT [34:2600]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17:1812]
-A INPUT -s 192.168.56.0/24 -p tcp -m state --state NEW -m tcp --dport 27017 -j ACCEPT
-A INPUT -s 192.168.56.0/24 -p tcp -m state --state NEW -m tcp --dport 28017 -j ACCEPT
COMMIT
# Completed on Sun Feb 16 14:29:05 2014
root@ubuntu:~#
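
When the file is edited by hand, the placement rule above can be checked before a reboot. The script below is an added example, not part of the original post: the function name check_rules and both sample rule sets are constructed for illustration. It flags rules that sit outside a *table ... COMMIT block and typographic dashes pasted from a web page in place of --.

```shell
#!/bin/sh
# Added example: lint an iptables-save format file (e.g. /etc/iptables/rules.v4)
# before it is loaded at boot. Reads stdin, prints findings, returns 1 if any.
check_rules() {
    awk '
    function err(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*(#|$)/   { next }                      # comments and blank lines
    /^\*/            { if (tbl) err("new table starts before COMMIT")
                       tbl = 1; next }
    /^COMMIT[ \t]*$/ { if (!tbl) err("COMMIT without a table line")
                       tbl = 0; next }
    /^:/             { if (!tbl) err("chain policy outside a table"); next }
    /^-/             { if (!tbl) err("rule outside a table/COMMIT block")
                       if ($0 ~ /–|—/) err("typographic dash, write --option")
                       next }
                     { err("unrecognised line") }
    END              { if (tbl) { print "end of file: missing COMMIT"; bad = 1 }
                       exit bad }
    '
}

# Constructed sample: rule pasted below COMMIT, with an en dash before dport.
sample_bad() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
COMMIT
-A INPUT -s 192.168.56.0/24 -p tcp -m tcp –dport 27017 -j ACCEPT
EOF
}

# Constructed sample: the same rule above COMMIT, with ASCII dashes.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.56.0/24 -p tcp -m tcp --dport 27017 -j ACCEPT
COMMIT
EOF
}

sample_bad | check_rules || echo "sample_bad: rejected"
sample_good | check_rules && echo "sample_good: ok"
```

On a real system, run it as check_rules < /etc/iptables/rules.v4; iptables-restore --test, run as root against the same file, remains the authoritative syntax check.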

When you have iptables with IPv6, follow the same steps. Instead of using the command iptables-save > /etc/iptables/rules.v4, you have to use the command given below.

As with IPv4, you can alternatively edit the file /etc/iptables/rules.v6.

Step 4: You can test the server by restarting the system. Test the procedure on a staging machine before applying it to a production server.

The below given command will restart the system
sudo init 6

Note: This tutorial is about iptables. Hence, we are not discussing the ufw command.

About sharad chhetri

Sharad Chhetri is an experienced Linux System Engineer. He loves Linux, Open Source Technology, WordPress and comedy movies.