How to make iptables persistent after reboot on Linux

The iptables firewall on Linux systems is a very useful feature that allows system administrators to control, with granular precision, what network traffic is permitted or denied to the system.

Experienced Linux administrators likely know the frustration and pain that comes with a system reboot completely wiping a system’s iptables rules. That is because iptables rules, by default, will not persist after a reboot. After configuring your system’s iptables rules, there is one more important step that you must take to make sure the rules are still there after a reboot.

In this tutorial, you will see how to make iptables rules persistent after reboot on all major Linux distributions, including DEB and RPM based systems.

In this tutorial you will learn:

  • How to install iptables-persistent package on DEB distros
  • How to install iptables-services package on RPM distros
  • How to use iptables-save command to make rules persist after reboot
  • How to remove saved rules
Software Requirements and Linux Command Line Conventions

Category: Requirements, Conventions or Software Version Used
System: Any DEB or RPM based Linux system
Software: iptables, iptables-persistent, iptables-services
Other: Privileged access to your Linux system as root or via the sudo command.
Conventions:
  # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  $ – requires given Linux commands to be executed as a regular non-privileged user

How to make iptables rules persistent after reboot on Linux: step by step instructions




DID YOU KNOW?
Some iptables front ends, such as firewalld for Red Hat based systems and ufw for Ubuntu based systems, will automatically save your rules for you and they will persist even after reboot.

Before proceeding, make sure that you already have some rules configured on your system. In particular, this tutorial assumes that you have configured the rules with iptables, rather than a front end firewall application like firewalld or ufw.

To see the rules on your system, you can use the following iptables command.

$ sudo iptables -L

Depending on the Linux distro you are using, follow the correct section below in order to save your configured iptables rules.

NOTE
DEB based systems are distros like Debian, Ubuntu, Linux Mint, and other derivatives. RPM based systems include Red Hat, Fedora, CentOS, AlmaLinux, Rocky Linux, and other Red Hat based distros. This also includes openSUSE.

Save iptables rules on DEB based systems

  1. In order to make your iptables rules persistent after reboot, install the iptables-persistent package using the apt package manager:
    $ sudo apt install iptables-persistent
    

    Any currently active iptables rules will be saved to the corresponding IPv4 and IPv6 files below:

    /etc/iptables/rules.v4
    /etc/iptables/rules.v6
    
  2. To update the persistent rules, first add the new rules to the running system with the iptables command. Then, to make the changes permanent after reboot, run the iptables-save command. The output redirection has to be performed as root, so run the whole command line through a root shell:
    $ sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
    OR
    $ sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
    
  3. To remove persistent iptables rules, open the relevant /etc/iptables/rules.v* file and delete the lines containing the unwanted rules.


Save iptables rules on RPM based systems

  1. In order to make your iptables rules persistent after reboot, install the iptables-services package using the dnf package manager:
    $ sudo dnf install iptables-services
    

    Any currently active iptables rules will be saved to the corresponding IPv4 and IPv6 files below:

    /etc/sysconfig/iptables
    /etc/sysconfig/ip6tables
    
  2. Make sure that you disable firewalld and enable the iptables service in systemd.
    $ sudo systemctl stop firewalld
    $ sudo systemctl disable firewalld
    $ sudo systemctl start iptables
    $ sudo systemctl enable iptables
    

    You can then make sure that the service is running with the following command:

    $ sudo systemctl status iptables
    
  3. To update the persistent rules, first add the new rules to the running system with the iptables command. Then, to make the changes permanent after reboot, run the iptables-save command. The output redirection has to be performed as root, so run the whole command line through a root shell:
    $ sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
    OR
    $ sudo sh -c 'ip6tables-save > /etc/sysconfig/ip6tables'
    
  4. To remove persistent iptables rules, open the relevant /etc/sysconfig/iptables or /etc/sysconfig/ip6tables file and delete the lines containing the unwanted rules.
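
The save and remove steps in both sections, as an added example that is not part of the original tutorial: it dumps the live rules to a temporary file, checks that every table section is closed by COMMIT, lets iptables-restore --test parse the dump, and only then replaces the persistent file. The function names and the 600 file mode are assumptions of this example; the paths shown are the DEB ones, so substitute /etc/sysconfig/iptables and /etc/sysconfig/ip6tables on RPM systems.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names and the
# 600 file mode are this example's own choices.

# Structural check of iptables-save output: every "*table" section must be
# closed by COMMIT, and chain/rule lines may only appear inside a section.
# Returns 0 when the file is well-formed, 1 otherwise.
check_ruleset() {
    awk '
        /^[ \t]*$/ || /^#/ { next }                     # blanks, comments
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^-/ || /^\[/ { if (!in_table) bad = 1; next }
        { bad = 1 }                                     # unexpected line
        END { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# $1 = iptables-save or ip6tables-save, $2 = persistent rules file.
# The live rules go to a temp file next to $2; the file is replaced only if
# both the structural check and "<tool>-restore --test" accept the dump.
save_rules() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if "$1" > "$tmp" && check_ruleset "$tmp" \
        && "${1%-save}-restore" --test < "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Run as root: sh save-rules.sh --save
if [ "${1:-}" = "--save" ]; then
    save_rules iptables-save /etc/iptables/rules.v4 &&
        save_rules ip6tables-save /etc/iptables/rules.v6
fi
```

After hand-editing a rules file for the remove step, running check_ruleset on it, followed by iptables-restore --test as root, catches a deleted COMMIT or a stray line before the next reboot does.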

Closing Thoughts




In this tutorial, we saw how to make iptables rules persistent after a reboot on DEB and RPM based Linux distributions. Many systems these days have their own iptables front end, such as firewalld or ufw, which makes the firewall more user friendly and will also save your rules by default. However, many Linux administrators still prefer to work directly with iptables, and the extra iptables-save utility is necessary in order to make sure all of your iptables rules persist after a reboot.


