I’ve been using Debian-like systems for over 10 years, and throughout all this time, one question has remained: how do you properly save iptables rules across reboots? While CentOS has long had built-in support for working with rule sets, in Debian, for a long time, the only official guidance was a Wiki article. And although some of my more orthodox colleagues still write iptables-restore < /etc/iptables in /etc/rc.local, that article was updated not too long ago and now mentions the iptables-persistent package. This package includes an init script specifically designed to save and restore rule sets.
However, this script has one serious issue: it doesn’t work if your iptables rules use ipset sets — because these sets must be loaded before the rules themselves. And here you have three options. You can either go back to the old approach:
or fix it in /etc/init.d/iptables-persistent directly, which is a bad idea.
So here is the solution:
You can install it like this:
# Clone repository to some directory and enter it:
git clone https://github.com/soar/ipset-persistent.git
cd ipset-persistent

# Copy files to system, preserving their relative paths:
sudo cp --parents etc/ipset/README /
sudo cp --parents etc/default/ipset-persistent /
sudo cp --parents etc/init.d/ipset-persistent /

# Add to autostart:
sudo update-rc.d ipset-persistent defaults
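
The ordering problem described above can be checked before a reboot. The following is an added example, not part of the ipset-persistent project: it compares a saved iptables rule file against saved ipset output and lists any set the rules reference that is never created. The file names, set names and addresses are constructed for the demonstration.

```shell
# Added example: pre-flight check that every ipset referenced by a saved
# iptables rule file is created by the saved ipset file loaded before it.

# Set names used by the set match (--match-set) or SET target (--add-set/--del-set).
referenced_sets() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "--match-set" || $i == "--add-set" || $i == "--del-set")
                print $(i + 1)
    }' "$1" | LC_ALL=C sort -u
}

# Set names defined by "create NAME TYPE ..." lines of `ipset save` output.
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | LC_ALL=C sort -u
}

# Print referenced-but-undefined sets; return 1 if there are any.
missing_sets() {
    refs=$(mktemp); defs=$(mktemp)
    referenced_sets "$1" > "$refs"
    defined_sets "$2" > "$defs"
    missing=$(LC_ALL=C comm -23 "$refs" "$defs")
    rm -f "$refs" "$defs"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample files (hypothetical names and addresses).
make_samples() {
    cat > "$1/rules.sample" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m set --match-set blocklist src -j DROP
-A INPUT -p tcp --dport 22 -m set --match-set admins src -j ACCEPT
COMMIT
EOF
    cat > "$1/ipset.sample" <<'EOF'
create admins hash:ip family inet hashsize 1024 maxelem 65536
add admins 192.0.2.10
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
missing_sets "$demo_dir/rules.sample" "$demo_dir/ipset.sample" ||
    echo "rule file references sets that are never created" >&2
rm -rf "$demo_dir"
```

On a real host, pass the output of iptables-save and ipset save as the two files; a non-empty result means iptables-restore will reject the rule file at boot.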