Make iptables configuration persistent using essential system utilities or a designated boot-time loader.
Use essential system utilities
This simple solution is most suitable for a system with a single network interface.
Edit /etc/network/interfaces global configuration file or a specific interface configuration in /etc/network/interfaces.d/ directory to define pre-up and post-up options to save or load iptables configuration using /etc/firewall.rules file.
allow-hotplug eth0 iface eth0 inet static address 192.168.0.5 netmask 255.255.255.0 gateway 192.168.0.254 pre-down iptables-save > /etc/firewall.rules post-up iptables-restore < /etc/firewall.rules
Firewall configuration will be saved before taking the interface down and restored after bringing the interface up.
Use boot-time loader for firewall rules
Install the iptables-persistent package.
$ sudo apt-get install iptables-persistent
Store IPv4 iptables configuration during the installation process.
Store IPv6 iptables configuration during the installation process.
Use dpkg-reconfigure when you need to execute this step later.
$ sudo dpkg-reconfigure iptables-persistent
Ensure that the netfilter-persistent will be enabled at boot.
$ sudo systemctl enable netfilter-persistent
Change FLUSH_ON_STOP variable in /etc/default/netfilter-persistent default configuration file to flush firewall rules when service is stopped. It is not necessary to perform this step if you want the default behavior.
$ cat /etc/default/netfilter-persistent # Configuration for netfilter-persistent # Plugins may extend this file or have their own FLUSH_ON_STOP=0
IPv4 firewall rules are not saved automatically on system shutdown. Use the following command to update these.
$ iptables-save > /etc/iptables/rules.v4
IPv6 firewall rules are not saved automatically on system shutdown. Use the following command to update these.
$ ip6tables-save > /etc/iptables/rules.v6
Additional notes
Import iptables-persistent package configuration before package installation to automate the whole process.
$ cat << EOF | sudo debconf-copydb pipe configdb --config=Name:pipe --config=Driver:Pipe Name: iptables-persistent/autosave_v4 Template: iptables-persistent/autosave_v4 Value: true Owners: iptables-persistent Flags: seen Name: iptables-persistent/autosave_v6 Template: iptables-persistent/autosave_v6 Value: true Owners: iptables-persistent Flags: seen EOF
Export iptables-persistent package configuration using the following command.
$ sudo debconf-copydb configdb stdout \
--config=Name:stdout \
--config=Driver:Pipe \
--config=InFd:none \
--pattern='^iptables-persistent/'Read how to copy answers to the configuration questions for Debian packages for more detailed information.
