
ipset-persistent — sysv init for ipset

This project is not in active development anymore

I’ve been using Debian-like systems for over 10 years, and throughout all this time, one question has remained: how do you properly save iptables rules across reboots? While CentOS has long had built-in support for working with rule sets, in Debian, for a long time, the only official guidance was a Wiki article. And although some of my more orthodox colleagues still write iptables-restore < /etc/iptables in /etc/rc.local, that article was updated not too long ago and now mentions the iptables-persistent package. This package includes an init script specifically designed to save and restore rule sets.

However, this script has one serious issue: it doesn’t work if your iptables rules use ipset sets — because these sets must be loaded before the rules themselves. And here you have three options. You can either go back to the old approach:

ipset restore < /etc/ipset
iptables-restore < /etc/iptables

or fix it directly in /etc/init.d/iptables-persistent, which is a bad idea.

So here is the solution:

You can install it like this:

# Clone repository to some directory and enter it
# (the relative etc/ paths below are resolved from the repository root):
git clone https://github.com/soar/ipset-persistent.git
cd ipset-persistent

# Copy files to system, preserving the etc/... directory structure:
sudo cp --parents etc/ipset/README /
sudo cp --parents etc/default/ipset-persistent /
sudo cp --parents etc/init.d/ipset-persistent /

# Add to autostart:
sudo update-rc.d ipset-persistent defaults
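
The ordering problem described above can be checked before anything is restored, since a failed iptables-restore at boot leaves the host without its rule set. The script below is an added example, not part of ipset-persistent: it compares the sets an iptables-save file references with the sets an ipset save file creates. The function names, the set names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of ipset-persistent): pre-flight check that every
# ipset set referenced by an iptables-save file is created by the ipset file.

# Set names used via -m set --match-set or -j SET --add-set / --del-set.
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "--match-set" || $i == "--add-set" || $i == "--del-set")
                 print $(i + 1) }' "$1" | sort -u
}

# Set names defined by "create NAME TYPE ..." lines of `ipset save` output.
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# usage: missing_sets IPSET_FILE IPTABLES_FILE
# Prints referenced-but-undefined sets; returns 1 if there are any.
missing_sets() {
    ref=$(mktemp) && def=$(mktemp) || return 2
    referenced_sets "$2" > "$ref"
    defined_sets "$1" > "$def"
    missing=$(comm -23 "$ref" "$def")
    rm -f "$ref" "$def"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample data: the rules use two sets, the ipset file creates one.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/ipset" <<'EOF'
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
EOF
    cat > "$dir/iptables" <<'EOF'
*filter
-A INPUT -m set --match-set blocklist src -j DROP
-A INPUT -p tcp --dport 22 -m set ! --match-set allowlist src -j DROP
COMMIT
EOF
    rc=0
    missing_sets "$dir/ipset" "$dir/iptables" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "sets listed above are missing; iptables-restore would fail" >&2
```

Against real files the call would be `missing_sets /etc/ipset /etc/iptables`, using the paths from the two-line restore shown earlier.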