
Every time I reboot I lose the iptables rules that took me so looong to enter. I know I can save them and restore them on boot, but is there any way to save them forever? Do I really need to restore them on boot every time? Seriously?

The problem is I have a HUGE list of IPs in which I use a while loop to load them in. This can take upwards of 10 minutes.

This is my home FTP server. It's a small VM with 1 GB RAM and very little processing power. There are so many IPs because I've pretty much given up on the Asian continent. I don't need them to be hitting up my FTP server every day with brute force. I also block gov. monitors, trackers and spammers.

This is the while loop I use to load in the list.

grep INPUT block.list | while read LISTA; do sudo iptables -A $LISTA; done
capdragon

3 Answers

apt-get install iptables-persistent

On install, it should save your current iptables config. Otherwise you can save them to these files (depending on v4 or v6) and iptables-persistent will load them on boot :)

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
Matt Fletcher

First, create a file with the contents of iptables-save:

sudo iptables-save > /etc/iptables_rules

It doesn't really matter where you put the file; all you have to do is make sure that the next line refers to the same file. Next, open /etc/rc.local and add this line:

/sbin/iptables-restore < /etc/iptables_rules

From now on, every time your computer powers up or restarts, iptables will load the rules from the file that you specified.

gertvdijk

If you do have a lot of rules you should also consider using ipset in conjunction with iptables. Ipset uses an indexed database table and is a lot faster than iptables when looking up an address to decide whether to accept or deny.

http://ipset.netfilter.org/index.html
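As an added example (not code from the question or from any of the answers), here is a POSIX shell script that takes a block.list in the format the question's loop implies (one "INPUT -s <addr> -j DROP" per line; the sample file is constructed here) and turns it into an ipset restore script, so the whole list becomes one set matched by a single iptables rule, and then persists both. The set name blocklist, the file /etc/ipset.conf and the install_blocklist helper are my own choices, not anything the answers specify.

```shell
#!/bin/sh
# Added example: replace thousands of per-address iptables rules with one
# ipset and a single "-m set" rule, then persist both across reboots.

# Constructed sample block.list (RFC 5737 documentation addresses).
# Assumed line format, matching the question's "iptables -A $LISTA" loop.
make_sample_list() {   # $1 = path to write
  cat > "$1" <<'EOF'
INPUT -s 203.0.113.0/24 -j DROP
INPUT -s 198.51.100.7 -j DROP
OUTPUT -d 192.0.2.5 -j DROP
INPUT -s 192.0.2.0/24 -j DROP
EOF
}

# Emit "ipset restore" input: create the set, then one "add" per INPUT source.
# hash:net accepts both single hosts and CIDR blocks; -exist makes the
# script safe to re-run on a set that already exists.
blocklist_to_ipset() {   # $1 = block.list path, $2 = set name
  printf 'create %s hash:net family inet -exist\n' "$2"
  grep '^INPUT ' "$1" | awk -v set="$2" '{
    for (i = 1; i < NF; i++)
      if ($i == "-s") print "add " set " " $(i+1) " -exist"
  }'
}

# One-time load (needs root, ipset and iptables installed): restore the set
# in one shot instead of a ten-minute loop, add the rule only if missing,
# then save. The set must exist before iptables-restore references it, so
# on boot run "ipset restore < /etc/ipset.conf" ahead of iptables-restore
# (e.g. in rc.local, as in the second answer).
install_blocklist() {   # $1 = block.list path
  blocklist_to_ipset "$1" blocklist | ipset restore
  iptables -C INPUT -m set --match-set blocklist src -j DROP 2>/dev/null ||
    iptables -I INPUT -m set --match-set blocklist src -j DROP
  ipset save > /etc/ipset.conf
  iptables-save > /etc/iptables/rules.v4
}

# Usage: ./script.sh block.list [setname]  -> prints the ipset restore script
if [ $# -ge 1 ]; then
  blocklist_to_ipset "$1" "${2:-blocklist}"
fi
```

Pipe the printed output into `ipset restore` to load it, or call install_blocklist as root to load and persist in one step.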