Saving an iptables configuration permanently
How can I save this configuration permanently?
sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
ubuntu iptables
add a comment |
How can I save this configuration permanently?
sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
ubuntu iptables
add a comment |
How can I save this configuration permanently?
sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
ubuntu iptables
How can I save this configuration permanently?
sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
ubuntu iptables
ubuntu iptables
edited Jan 28 '14 at 16:42
Stéphane Chazelas
302k56568920
302k56568920
asked Jan 28 '14 at 16:37
SajadSajad
143110
143110
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local
. You can also remove the sudo
prefix then because this file is executed as root
anyway.
You could also install and use the package iptables-persistent
:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules
.
Theiptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)
– Thomas Ward
Jan 28 '14 at 18:12
add a comment |
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add in /etc/network/interfaces file this:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same to save before shutdown your machine:
post-down iptables-save > /etc/iptables.rules
Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), theiptables-save
will permanently save to borked configuration and then you'll have to fix it manually.
– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to calliptables-save
. On my end, I prefer to edit theiptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.
– Alexis Wilke
Oct 10 '16 at 19:50
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f111338%2fsaving-an-iptables-configuration-permanently%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local
. You can also remove the sudo
prefix then because this file is executed as root
anyway.
You could also install and use the package iptables-persistent
:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules
.
Theiptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)
– Thomas Ward
Jan 28 '14 at 18:12
add a comment |
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local
. You can also remove the sudo
prefix then because this file is executed as root
anyway.
You could also install and use the package iptables-persistent
:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules
.
Theiptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)
– Thomas Ward
Jan 28 '14 at 18:12
add a comment |
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local
. You can also remove the sudo
prefix then because this file is executed as root
anyway.
You could also install and use the package iptables-persistent
:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules
.
You need to add that command to a file that gets executed on startup, for example to /etc/rc.local
. You can also remove the sudo
prefix then because this file is executed as root
anyway.
You could also install and use the package iptables-persistent
:
martin@dogmeat ~ % aptitude show iptables-persistent
Package: iptables-persistent
State: not installed
Version: 0.5.7
Priority: optional
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: all
Uncompressed Size: 62.5 k
Depends: iptables, lsb-base, debconf (>= 0.5) | debconf-2.0
Description: boot-time loader for iptables rules
This package provides a system startup script that restores iptables rules from a configuration file.
Since this is aimed at experienced administrators, there is no configuration wizard.
According to the documentation, it reads the rules from /etc/iptables/rules
.
answered Jan 28 '14 at 16:43
Martin von WittichMartin von Wittich
9,92433157
9,92433157
Theiptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)
– Thomas Ward
Jan 28 '14 at 18:12
add a comment |
Theiptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)
– Thomas Ward
Jan 28 '14 at 18:12
The
iptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)– Thomas Ward
Jan 28 '14 at 18:12
The
iptables-persistent
package is the easiest, least-technical method of getting it working, +1 to that answer.)– Thomas Ward
Jan 28 '14 at 18:12
add a comment |
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add in /etc/network/interfaces file this:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same to save before shutdown your machine:
post-down iptables-save > /etc/iptables.rules
Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), theiptables-save
will permanently save to borked configuration and then you'll have to fix it manually.
– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to calliptables-save
. On my end, I prefer to edit theiptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.
– Alexis Wilke
Oct 10 '16 at 19:50
add a comment |
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add in /etc/network/interfaces file this:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same to save before shutdown your machine:
post-down iptables-save > /etc/iptables.rules
Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), theiptables-save
will permanently save to borked configuration and then you'll have to fix it manually.
– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to calliptables-save
. On my end, I prefer to edit theiptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.
– Alexis Wilke
Oct 10 '16 at 19:50
add a comment |
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add in /etc/network/interfaces file this:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same to save before shutdown your machine:
post-down iptables-save > /etc/iptables.rules
Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables
Using iptables-save and iptables-restore you can save the actual rules to a file like this:
iptables-save > /etc/iptables.rules
You can add in /etc/network/interfaces file this:
pre-up iptables-restore < /etc/iptables.rules
And this line in the same to save before shutdown your machine:
post-down iptables-save > /etc/iptables.rules
Anyway you can find all the info in the Community Ubuntu Documentations - How to Iptables
edited Jan 18 at 8:28
Kyle Younge
32
32
answered Jan 28 '14 at 16:52
curratorecurratore
15917
15917
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), theiptables-save
will permanently save to borked configuration and then you'll have to fix it manually.
– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to calliptables-save
. On my end, I prefer to edit theiptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.
– Alexis Wilke
Oct 10 '16 at 19:50
add a comment |
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), theiptables-save
will permanently save to borked configuration and then you'll have to fix it manually.
– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to calliptables-save
. On my end, I prefer to edit theiptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.
– Alexis Wilke
Oct 10 '16 at 19:50
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), the
iptables-save
will permanently save to borked configuration and then you'll have to fix it manually.– Martin von Wittich
Jan 28 '14 at 17:03
I've seen that in the Ubuntu wiki too, but I don't really like that solution. If something screws up your rules during runtime (for example if something flushes the tables), the
iptables-save
will permanently save to borked configuration and then you'll have to fix it manually.– Martin von Wittich
Jan 28 '14 at 17:03
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to call
iptables-save
. On my end, I prefer to edit the iptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.– Alexis Wilke
Oct 10 '16 at 19:50
@MartinvonWittich, I concur that you should not use the auto-save. If you make changes and your existing firewall is what you want to survive, you just have to remember to call
iptables-save
. On my end, I prefer to edit the iptables.rules
file and add/remove from it. I used the save once a long time ago and since then I just update the existing rules.– Alexis Wilke
Oct 10 '16 at 19:50
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f111338%2fsaving-an-iptables-configuration-permanently%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown