Skip to content
Home » Linux » How to Persist Manually Modified Iptables Across System Reboots

How to Persist Manually Modified Iptables Across System Reboots

After modifying the iptables manually, restarting the service to make it work.
[root@test ~]# vi /etc/sysconfig/iptables
[root@test ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

Check the new rules by this:
[root@test ~]# iptables -L -n

OK, the new settings seemed worked. Let's try to reboot.
[root@test ~]# shutdown -r now
After a reboot, check the current settings of iptables:
[root@test ~]# iptables -L -n

The above settings looked like back to the old version. But we can see the newly configured rules are still in /etc/sysconfig/iptables. Why was that?

You might think the finalized configuration files in /etc are always everything to services on Linux. Mostly, it's true, but not in this case.

The fact is that the service of iptables did reflect the newly configured rules when restarting the service, but it did not recognize it as an finalized version until it is "Saved" by the service like this:
[root@test ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

Then, iptables recognized the new configuration resided in memory as the finalized version. In other words, if you did not "Save" it by iptables, the service will take the prior version as a current and effective one and used it in the server after system reboots.

Beside the explicit saving command, you can save the configuration implicitly by changing the default setting like this:
[root@test ~]# vi /etc/sysconfig/iptables-config

It will save the configuration when the service stop (e.g. server shutdown). Let's review the configuration of iptables.
[root@test ~]# grep -v ^# /etc/sysconfig/iptables-config | sed '/^$/d'

Kindly remind you that if you are used to edit iptables manually, don't forget to restart the service before saving by service.

Further Reading - How to Open Ports on IPTables and Survive across Reboots on Enterprise Linux 6 and 7

Leave a Reply

Your email address will not be published. Required fields are marked *