How to save IPtables rules in Debian

October 22, 2011 Linux Jesin A 5 Comments

This article explains how to make IPtables firewall rules survive a reboot in Debian. The same steps also apply to other Debian-based distributions such as Ubuntu and Knoppix. Execute all of these commands as the root user, or prefix them with the sudo command.

First, view the current list of rules in IPtables.

iptables -L

If it is a new installation there will be no rules, so add some. The following rules allow incoming HTTP, HTTPS, FTP, SMTP and SSH connections and reject all other incoming connections, including ICMP ping packets. The order matters: the first rule accepts packets belonging to connections that are already established, the second accepts loopback traffic, and the final rule rejects everything that did not match an earlier rule.

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j REJECT

View the firewall rules once more

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Write these rules to a file using the following command.

iptables-save > /etc/iptables.rules

Each time Debian boots, the iptables-restore command has to be called with these rules, so create a new file as shown below. This file does NOT exist yet; you have to create it. I'm using the vi editor to edit it.

vi /etc/network/if-pre-up.d/firewall

Add the following text to that file

#!/bin/bash
# Restore the saved IPtables rules before a network interface is brought up
/sbin/iptables-restore < /etc/iptables.rules

Save the file and grant executable permissions on that file.

chmod +x /etc/network/if-pre-up.d/firewall

Reboot the system and list the iptables rules to check that they have been applied.

reboot

After reboot

iptables -L

IMPORTANT: Whenever you add or delete rules, save the changes to the iptables.rules file again using the following command, otherwise they will be lost on the next reboot.

iptables-save > /etc/iptables.rules
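A check for the IMPORTANT note above, added here as an example that is not part of the original post: iptables-save output contains timestamp comments and per-chain packet counters, so a plain diff between the running rules and /etc/iptables.rules always reports a difference. The script below strips those before comparing and uses constructed sample dumps for an offline demonstration; check_live_rules is the hypothetical helper to run as root (for example from cron) on a real host.

```shell
#!/bin/sh
# Added example (not from the original post): report drift between the
# running iptables ruleset and the saved /etc/iptables.rules, so a forgotten
# "iptables-save > /etc/iptables.rules" is caught before the next reboot.
RULES_FILE=${RULES_FILE:-/etc/iptables.rules}
# iptables-save output carries "# Generated by ..." / "# Completed on ..."
# timestamp comments and per-chain counters such as ":INPUT ACCEPT [12:960]".
# Both change without any rule changing, so strip them before comparing.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//' -e '/^$/d'
}
# rules_differ SAVED LIVE: true (exit 0) when the dumps differ in their actual
# rules, false (exit 1) when they are equivalent.
rules_differ() {
    a=$(printf '%s\n' "$1" | normalize_rules)
    b=$(printf '%s\n' "$2" | normalize_rules)
    [ "$a" != "$b" ]
}
# For a real host (run as root, e.g. from cron): compare live rules with the file.
check_live_rules() {
    [ -r "$RULES_FILE" ] || { echo "cannot read $RULES_FILE" >&2; return 2; }
    live=$(iptables-save) || return 2
    if rules_differ "$(cat "$RULES_FILE")" "$live"; then
        echo "DRIFT: running rules differ from $RULES_FILE; re-run iptables-save" >&2
        return 1
    fi
    echo "OK: running rules match $RULES_FILE"
}
# Constructed sample dumps so the check can be exercised offline.
SAMPLE_SAVED='# Generated by iptables-save v1.4.14 on Sat Oct 22 10:00:00 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat Oct 22 10:00:00 2011'
# Same rules, new timestamp and counters: must not be reported as drift.
SAMPLE_LIVE_SAME=$(printf '%s\n' "$SAMPLE_SAVED" | sed -e 's/10:00:00/11:30:00/' -e 's/\[0:0\]/[42:3000]/')
# A port-80 rule added at runtime but never saved: must be reported.
SAMPLE_LIVE_CHANGED=$(printf '%s\n' "$SAMPLE_LIVE_SAME" | awk '{ print } /-i lo/ { print "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" }')
rules_differ "$SAMPLE_SAVED" "$SAMPLE_LIVE_SAME" && echo "BUG: false drift reported"
rules_differ "$SAMPLE_SAVED" "$SAMPLE_LIVE_CHANGED" && echo "demo: unsaved port-80 rule detected"
```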


Tags: iptables, linux, linux system files

Comments

  1. Elroy says

    December 21, 2014 at 12:08 am

    Redirections such as “>” are handled by the shell, which is running as you (not root), so it won’t be able to write to /etc.

    This worked for me:
    sudo iptables-save | sudo tee /etc/iptables.rules

    • Jesin A says

      December 21, 2014 at 12:43 am

      You can also do this:

      sudo sh -c 'iptables-save > /etc/iptables.rules'
    • Kenneth says

      March 8, 2015 at 2:57 am

      So if you actually ran these commands as root to begin with, and the owner/group is root/root, would I still need to use the sudo command?

      • Jesin A says

        March 8, 2015 at 8:58 pm

        No, sudo isn’t required in this case.

