This might be an obvious thing to old Linux-heads out there, but it sure caught me off-guard, so there might be some use in spelling it out:
iptables-save
and iptables-restore
do not actually save/load the iptables rules to/from an external file. You are responsible for redirecting the output of iptables-save
to a file and modifying the interface-up scripts such that it is loaded before the given interface comes up.
The Ubuntu documentation tells you how (although, it also was the source of my confusion) – the following commands should be executed as root, so don’t forget to sudo su
first:
- Save your rules in a file:
iptables-save >/etc/iptables.rules
- Edit your interfaces file (substitute your own favorite editor here):
nano /etc/network/interfaces
- Add a pre-up command to restore the saved rule. The fully configured file should look similar to this (the bold line is the one added):
auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /etc/iptables.rules
HTH. And remember – security is a process / mindset, not a state. Always test the configuration changes you’ve done, don’t just assume that everything went ok because you didn’t receive error messages.