This content originally appeared on DEV Community and was authored by Or Yaacov
If you are using iptables, it's very likely that you wish to make it persistent, and restore your firewall rules after a reboot.
I'll present here 3 ways to make your iptables persistent:
- using systemd, my personal favorite way, since it works for all Linux distributions and without requiring 3rd party software.
- using iptables-persistent, mostly for DEB-based Linux distributions; requires 3rd party software.
- using iptables-services, for RPM-based Linux distributions; requires 3rd party software.
systemd
systemd is a system and service manager for Linux operating systems. Using systemd, we can run a script file after boot that will restore our firewall rules and make them persistent without installing 3rd party software.
First, let's create the script that we wish to run to restore our firewall:
sudo vi /etc/iptables-persistent/restore.sh
with the following script:
#!/bin/sh
/usr/bin/flock /run/.iptables-restore /sbin/iptables-restore < {{your ip tables dump file}}
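The script has to be executable, because the unit below is skipped when its ConditionFileIsExecutable check fails. Next, we need to create a unit file for our systemd service using:
sudo vi /etc/systemd/system/iptables-persistent.service
and paste the following: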
[Unit]
Description=iptables persistent service
# Both paths must point at the restore script created above
ConditionFileIsExecutable=/etc/iptables-persistent/restore.sh
After=network.target
[Service]
Type=forking
ExecStart=/etc/iptables-persistent/restore.sh start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
[Install]
WantedBy=multi-user.target
Great, now all that is left to do is enable our service by running the following command:
sudo systemctl enable iptables-persistent.service
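A pre-flight check that restore.sh could run before handing the dump to iptables-restore, as an added example that is not part of the original article: an empty or truncated dump would leave the host with an empty or partial ruleset after a reboot, and a dump or script that other users can write to is processed as root. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: pre-flight checks for the
# files that the boot-time restore reads or runs as root.

# dump_is_complete FILE: 0 only if FILE is non-empty, has at least one
# "*table" section, and every section is closed by its own COMMIT line.
dump_is_complete() {
    [ -s "$1" ] || return 1
    awk '
        /^#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^\*/      { if (inside) bad = 1; inside = 1; tables++; next }
        /^COMMIT$/ { if (!inside) bad = 1; inside = 0; next }
        !inside    { bad = 1 }               # content outside a table
        END        { exit ((bad || inside || tables == 0) ? 1 : 0) }
    ' "$1"
}

# not_writable_by_others FILE: 0 if neither group nor other may write FILE.
# Anyone who can edit the dump or the script controls the firewall, because
# the service processes both as root.
not_writable_by_others() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# preflight DUMP SCRIPT: report the first failed check and return 1.
preflight() {
    dump_is_complete "$1" || { echo "incomplete dump: $1" >&2; return 1; }
    not_writable_by_others "$1" || { echo "writable by others: $1" >&2; return 1; }
    not_writable_by_others "$2" || { echo "writable by others: $2" >&2; return 1; }
}

# Demo on constructed input: a dump cut off before COMMIT is rejected,
# the same dump with its COMMIT line is accepted.
demo=$(mktemp)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' > "$demo"
dump_is_complete "$demo" || echo "truncated dump rejected"
echo 'COMMIT' >> "$demo"
dump_is_complete "$demo" && echo "complete dump accepted"
rm -f "$demo"
```

On the host itself, running iptables-restore --test on the dump as root parses the full ruleset without committing it and catches rule-level errors that this structural check does not.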
iptables-persistent (DEB)
iptables-persistent automatically loads your saved iptables rules after a reboot.
The first step is to install iptables-persistent using sudo apt-get install iptables-persistent
iptables-persistent will look for two dump files:
/etc/iptables/rules.v4 #for ipv4 rules
/etc/iptables/rules.v6 #for, wait for it, ipv6 rules
which you can easily create by running the following commands (the redirection has to run as root as well, hence sh -c):
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
Depending on your OS version, behind the scenes iptables-persistent works with netfilter-persistent.service.
You can verify that your service is up and running using sudo systemctl status netfilter-persistent.service
and your output should look like the following:
netfilter-persistent.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; ve
Active: active (exited) since Sat 2022-04-09 18:14:42 IDT; 29min ago
iptables-services (RPM)
iptables-services contains a persistent utility that loads your saved iptables rules after a reboot.
Let's start by installing iptables-services using sudo dnf install iptables-services
After installing iptables-services, we need to make sure that our service is up and that firewalld is disabled and won't interfere with our iptables configuration, using the following commands:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl start iptables
sudo systemctl enable iptables
iptables-services will look for two dump files:
/etc/sysconfig/iptables #for ipv4 rules
/etc/sysconfig/ip6tables #for, wait for it, ipv6 rules
which you can easily create by running the following commands (the redirection has to run as root as well, hence sh -c):
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
sudo sh -c 'ip6tables-save > /etc/sysconfig/ip6tables'
And that's it, feel free to reboot your machine without losing your changes :)
Or Yaacov | Sciencx (2022-04-23T15:32:08+00:00) 3 ways to make iptables persistent. Retrieved from https://www.scien.cx/2022/04/23/3-ways-to-make-iptables-persistent/