How to save iptables on a GoDaddy VPS that will stay after a reboot – hint: it's not iptables-save!

There is a lot of information on iptables on the internet, including a lot of great posts, but it took me a while to find out how to save iptables on a GoDaddy VPS (virtual private server) in a way that is persistent (survives a reboot).

The rules your VPS loads when the iptables service is restarted or the server is rebooted are found in the file /etc/sysconfig/iptables. Best practice is to add rules to your server using the iptables command, but as you know, those rules won't stay after you restart the service or reboot the server.

Once you have iptables running the way you want, you can type iptables-save and it will print your iptables rules to the screen in exactly the format the /etc/sysconfig/iptables file expects, but it does not write those rules to /etc/sysconfig/iptables. It just outputs them to the screen (standard output), no matter how many forums and blogs out there say otherwise.

So here is what I do when working with iptables, in order to save my changes:

  1. add rules using iptables commands
  2. validate they work as expected
  3. back up my existing /etc/sysconfig/iptables file using this command:
    • cp /etc/sysconfig/iptables /etc/sysconfig/iptables.rules
  4. run the iptables-save command, redirecting the output to /etc/sysconfig/iptables using this command:
    • iptables-save > /etc/sysconfig/iptables

If you did that correctly, your new rules will persist after a reboot or a restart of the iptables service.
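Steps 3 and 4 above as a small script, added here as an example and not part of the original post. It assumes a CentOS/RHEL-style VPS whose iptables init script reads /etc/sysconfig/iptables, an iptables-restore that supports --test (used to check that the dump parses before the file is replaced; older releases may lack it), and that the script is saved as save-iptables.sh.

```shell
#!/bin/sh
# Added example, not code from the original post: steps 3 and 4 of the
# procedure above as a script, with a timestamped backup and a parse check
# before /etc/sysconfig/iptables is replaced. Assumes a CentOS/RHEL-style
# VPS whose iptables init script reads that file, and an iptables-restore
# that supports --test (older releases may lack it; drop that check there).
set -eu

RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# Step 3: copy the current file aside before it is overwritten. Prints the
# backup path; to undo, run: cp "$backup" /etc/sysconfig/iptables
backup_rules() {
    src="$1"
    backup="$src.rules.$(date +%Y%m%d-%H%M%S)"
    if [ -f "$src" ]; then
        cp -p "$src" "$backup"
    else
        : > "$backup"   # nothing to back up yet; leave an empty marker
    fi
    printf '%s\n' "$backup"
}

# Step 4, done safely: dump the live ruleset to a temp file, confirm that
# iptables-restore can parse it, then move it into place atomically so a
# half-written or broken file never becomes the boot-time ruleset.
save_rules() {
    dst="$1"
    tmp=$(mktemp "$dst.XXXXXX")
    if ! iptables-save > "$tmp"; then
        rm -f "$tmp"; echo "iptables-save failed" >&2; return 1
    fi
    if ! iptables-restore --test < "$tmp"; then
        rm -f "$tmp"; echo "dump does not parse; $dst left untouched" >&2; return 1
    fi
    chmod 600 "$tmp"   # only root needs to read the ruleset
    mv "$tmp" "$dst"
}

# Run the two steps only when executed directly as save-iptables.sh
# (not when the file is sourced to reuse the functions).
if [ "${0##*/}" = "save-iptables.sh" ]; then
    b=$(backup_rules "$RULES_FILE")
    echo "backup written to $b"
    save_rules "$RULES_FILE"
fi
```

Run it as root after validating the live rules (step 2); if the parse check fails, the existing file is left as it was and the backup from step 3 is still there.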

On a side note, it's good practice to set up a cron job to stop iptables every 5 minutes while you are working on the rules. This way, if you lock yourself out, all you have to do is wait 5 minutes and you can get back on the box to undo whatever you have done. Just don't forget to stop the cron job after you are done working with iptables.

One thought on “How to save iptables on a GoDaddy VPS that will stay after a reboot – hint: it's not iptables-save!”

  1. Eric

    I am trying to setup iptables on a GoDaddy Virtual Host using the following:
    iptables -P INPUT ACCEPT
    iptables -F
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -L -v

    ## open port ssh tcp port 22 ##
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    ## open tcp port 25 (smtp) for all ##
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT

    ## open dns server ports for all ##
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT

    ## open http/https (Apache) server port to all ##
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT

    ## open tcp port 110 (pop3) for all ##
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT

    ## open tcp port 143 (imap) for all ##
    iptables -A INPUT -p tcp --dport 143 -j ACCEPT

    Every time I start the iptables service, none of the websites on this server are functioning and I can't access Plesk.

    If I service iptables stop, it all works again. Is there a simple syntax error here?

