50

Is there a "best practice" or standard to make a few iptables rules permanent? I mean: automatically applied upon a system reboot?

I am using a VPS with Ubuntu Server 10.04 LTS (Lucid Lynx).

Thank you.

BIG EDIT: I don't want ANY rule to be persisted (like iptables-persistent package does). I want only my own specific set to be reloaded... if other rules are eventually added by running iptables, these should be discarded...

J. Bruni
  • 1,392

3 Answers

57

The simplest method is to use iptables-save and iptables-restore to save the currently-defined iptables rules to a file and (re)load them (e.g., upon reboot).

So, for instance, you would run

sudo iptables-save | sudo tee /etc/iptables.conf

to save your current iptables rules to /etc/iptables.conf and then insert these lines in /etc/rc.local:

# Load iptables rules from this file (keep this line before the final "exit 0" in rc.local)
iptables-restore < /etc/iptables.conf

36

A quick update to this, as you might be using 12.04 now and things are better.

The iptables-persistent package now solves this issue. To install,

sudo apt-get install iptables-persistent

The rules defined when the package is installed are saved and used on each subsequent boot. New rules loaded are discarded at reboot.

The config file if you do need to change them (once iptables-persistent is installed) is /etc/iptables/rules.v4 or /etc/iptables/rules.v6 for ipv4 and ipv6 iptables respectively.

sourav c.
  • 46,120
25

Better than /etc/rc.local is to add a line in /etc/network/interfaces after saving the iptables rules, like this:

post-up iptables-restore < /etc/iptables.up.rules

or, equivalently, put the file inside /etc/network/if-down.d/, /etc/network/if-post-down.d/, /etc/network/if-pre-up.d/ or /etc/network/if-up.d/.

alphadogg
  • 115
Kreker
  • 491
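A worked version of the approach in the first and third answers that also meets the requirement in the question's edit (only one fixed rule set survives a reboot; anything added by hand is thrown away, because a plain iptables-restore replaces the whole table). This is an added example, not code from any of the answers; the rule contents, the hook name "firewall" and the file paths are assumptions:

```shell
#!/bin/sh
# Added example: install one fixed iptables rule set and a boot-time hook
# that reloads it. Paths and rule contents are assumptions; adjust to taste.

# Emit the fixed rule set in iptables-save format (what iptables-save writes
# and iptables-restore reads): default-deny INPUT, allow loopback,
# established connections and SSH.
write_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Emit the hook script. iptables-restore without --noflush replaces every
# table it contains, so rules added interactively since the last boot are
# discarded, which is exactly what the question asks for. $1 = rules file.
write_hook() {
  cat <<EOF
#!/bin/sh
# Reload the fixed firewall rule set before the interface comes up.
[ -r "$1" ] || exit 0
exec iptables-restore < "$1"
EOF
}

# Write both files. $1 = rules file, $2 = hook directory (for instance
# /etc/network/if-pre-up.d). run-parts skips file names containing a dot,
# so the hook is deliberately named just "firewall".
install_fixed_rules() {
  write_rules > "$1"
  write_hook "$1" > "$2/firewall"
  chmod 0644 "$1"
  chmod 0755 "$2/firewall"
}

# Number of -A rules in the fixed set (a quick sanity check after editing).
count_rules() { write_rules | grep -c '^-A '; }

# Usage as root: install_fixed_rules /etc/iptables.up.rules /etc/network/if-pre-up.d
```

After editing the rule file by hand, reload it with `iptables-restore < /etc/iptables.up.rules` rather than running iptables interactively, or the change is lost at the next boot.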