Save iptables permanently on Ubuntu

In this post we will learn about how to save iptables permanently on Ubuntu.When we work on Red hat based Operating system like RHEL and CentOS.We can permanently set the iptables rule in /etc/sysconfig/iptables file .
When you work on Ubuntu Operating System,you may find you are only able to set the iptables rule temporarily. After using iptables command and system get restarted,the iptables rules will be cleared.
To make the iptables rules permanently set on Ubuntu system.We will use the package called iptables-persistent.

Save iptables permanently on Ubuntu

Follow the given below steps to set the iptables permanently in Ubuntu system.

Step 1: Install iptables-persistent package

sudo apt-get update
sudo apt-get install iptables-persistent

On screen you will the get the choices for IPV4 and IPV6 rule set,to be installed.The screen will come during installation of iptables-persistent

The below given screen is for selecting IPv4
iptables ubuntu

The below given screen is for selecting IPv6(if you do not want to install for IPv6,select no)
iptables ubuntu IPV6

Step 2: The installation will take a few seconds/minutes. After installation of iptables-persistent get completed.Start the service

service iptables-persistent start

NOTE : Same way you can also restart/stop/reload the service

For stopping iptables-persistent service

service iptables-persistent stop

For restarting iptables-persistent service

service iptables-persistent restart

For reloading iptables-persistent service

service iptables-persistent reload

Step 3: The iptables-persistent service should be running. Now you can set the iptables rule and save it to applicable IP version (i.e IPv4/IPv6)

For eg. We want to set iptables (IPv4) for port no. 27017 and 28017 (i.e mongodb)

iptables -A INPUT -s -m state --state NEW -p tcp --dport 27017  -j ACCEPT
iptables  -A INPUT -s -m state --state NEW -p tcp --dport 28017  -j ACCEPT

This is important part.After setting rule,we will save the IPTABLES in /etc/iptables/rules.v4 file. Run the below command

iptables-save > /etc/iptables/rules.v4

Alternatively, rather than using the iptables-save command.You can also edit the /etc/iptables/rules.v4 file .

Be careful,the rules should be written above COMMIT word line.See the below given example

[email protected]:~# cat /etc/iptables/rules.v4
# Generated by iptables-save v1.4.12 on Sun Feb 16 14:29:05 2014
:INPUT ACCEPT [34:2600]
:OUTPUT ACCEPT [17:1812]
-A INPUT -s -p tcp -m state –state NEW -m tcp –dport 27017 -j ACCEPT
-A INPUT -s -p tcp -m state –state NEW -m tcp –dport 28017 -j ACCEPT
# Completed on Sun Feb 16 14:29:05 2014
[email protected]:~#

When you have iptables with IPv6, follow the same steps.Instead of using command iptables-save > /etc/iptables/rules.v4.You have to use below given command

ip6tables-save > /etc/iptables/rules.v6

Similarly to IPv4,alternatively you can also edit the file /etc/iptables/rules.v6

Step 4: You can test the server by restarting the system.You can test the practical in staging machine,before applying it to production server.

The below given command will restart the system
sudo init 6

Note: The tutorial is about IPTABLE. Hence, we are not discussing about ufw command


  1. Jesús Gómez says

    I noticed you use the same save command for ipv4 and ipv6:

    iptables-save > /etc/iptables/rules.v4
    iptables-save > /etc/iptables/rules.v6

    So both files will have the same content.

    Is that right or it is a typo?.

Leave a Reply

Your email address will not be published. Required fields are marked *