IPTables rules are flushed after a reboot. I found out when I couldn't connect to a SOCKS5 proxy after the VPS provider rebooted my node without notice. Poor system uptime seems to be a problem with some budget VPS providers. Here's how to make the rules stick after a reboot.
- On Debian,
Save the rules to a file:
# iptables-save > /etc/firewall.conf
Create a startup script so ifupdown loads these rules on boot:
vi /etc/network/if-up.d/iptables
#!/bin/sh
iptables-restore < /etc/firewall.conf
chmod +x /etc/network/if-up.d/iptables
Reboot, and check rules with iptables -L
- On CentOS,
/sbin/service iptables save
This executes the iptables init script, which runs the /sbin/iptables-save program and writes the current iptables configuration to /etc/sysconfig/iptables. The existing /etc/sysconfig/iptables file is saved as /etc/sysconfig/iptables.save.
The next time the system boots, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
You can also save the iptables rules to a separate file for distribution, backup or other purposes. To save your iptables rules, type the following command as root:
[root@myserver ~]# iptables-save > <filename>
where <filename> is a user-defined name for your ruleset.
If distributing the /etc/sysconfig/iptables file to other machines, type /sbin/service iptables restart for the new rules to take effect.
Note the difference between the iptables command (/sbin/iptables), which is used to manipulate the tables and chains that constitute the iptables functionality, and the iptables service (/sbin/service iptables), which is used to enable and disable the iptables service itself.
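Both /etc/firewall.conf and /etc/sysconfig/iptables are plain iptables-save dumps, and a dump cut short (for example by a full disk) will not restore at boot, leaving the host without its rules. The following is an added example, not part of the original post: a hypothetical check_ruleset function that verifies every table section in a dump ends with COMMIT and lists each chain's default policy, run here on a constructed sample.

```sh
#!/bin/sh
# Added example: structural check of an iptables-save dump (awk only, no root).
# Prints "table chain policy" per chain; returns non-zero if the file is
# empty, has no table, or a "*table" section is not closed by COMMIT.
check_ruleset() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    awk '
        /^#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^\*/ {                                # table header such as *filter
            if (cur != "") bad = 1             # previous table never committed
            cur = substr($0, 2); tables++; next
        }
        cur == "" { bad = 1; next }            # content outside any table
        /^:/ { print cur, substr($1, 2), $2; next }   # :INPUT DROP [0:0]
        $0 == "COMMIT" { cur = ""; next }
        END {
            if (cur != "") { print "missing COMMIT for " cur > "/dev/stderr"; bad = 1 }
            exit ((bad || tables == 0) ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample dump, not taken from the original post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
check_ruleset "$sample" && echo "ruleset looks complete"
# In the Debian hook this would gate the restore:
#   check_ruleset /etc/firewall.conf && iptables-restore < /etc/firewall.conf
```

The printed policies also make it easy to spot a saved ruleset whose INPUT chain is ACCEPT when DROP was intended.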