There is a lot of information about iptables on the internet, including many great posts. However, it took me a while to find out how to save iptables rules on a GoDaddy VPS (virtual private server) in a way that is persistent (stays after a reboot).
The rules your VPS loads when iptables is restarted or the server is rebooted are stored in the file /etc/sysconfig/iptables. Best practice is to add rules to your server using the iptables command, but as you know, those rules won't stay after you restart the service or reboot the server.
Once you have iptables running the way you want, you can type iptables-save and it will print your iptables rules to the screen in the form you would want them in the /etc/sysconfig/iptables file, but it does not save those rules to your /etc/sysconfig/iptables file. It just outputs them to the screen, no matter how many forums and blogs out there say otherwise.
So here is what I do when working with iptables, in order to save my changes:
- add rules using iptables commands
- validate they work as expected
- back up my existing /etc/sysconfig/iptables file using this command:
  - cp /etc/sysconfig/iptables /etc/sysconfig/iptables.rules
- run the iptables-save command, redirecting the output to /etc/sysconfig/iptables using this command:
  - iptables-save > /etc/sysconfig/iptables
If you did that correctly, your new rules will persist after a reboot or restart of the iptables service.
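The backup and save steps above combined into one script, as an added example that is not part of the original post: it dumps the rules to a temporary file, checks the dump with `iptables-restore --test`, backs up the current file, and only then replaces /etc/sysconfig/iptables. The function name, the three override variables and the timestamped backup name (the post uses iptables.rules) are assumptions made for this example.

```bash
#!/bin/bash
# Added example: persist the running iptables rules safely.
# RULES_FILE, IPTABLES_SAVE and IPTABLES_RESTORE are hypothetical overrides
# so the function can be pointed at a test file or stub commands.
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

save_iptables_persistent() {
    local tmp backup
    backup="${RULES_FILE}.$(date +%Y%m%d-%H%M%S).bak"
    # Temp file beside the target so the final mv is an atomic rename.
    tmp="$(mktemp "${RULES_FILE}.XXXXXX")" || return 1

    # iptables-save only writes to stdout, so capture it ourselves.
    if ! "$IPTABLES_SAVE" > "$tmp"; then
        echo "iptables-save failed; $RULES_FILE left untouched" >&2
        rm -f "$tmp"; return 1
    fi
    # An empty dump (no tables loaded) must not replace a working file.
    if ! grep -q '^COMMIT' "$tmp"; then
        echo "dump contains no tables; $RULES_FILE left untouched" >&2
        rm -f "$tmp"; return 1
    fi
    # --test parses the dump without loading it into the kernel.
    if ! "$IPTABLES_RESTORE" --test < "$tmp"; then
        echo "dump failed validation; $RULES_FILE left untouched" >&2
        rm -f "$tmp"; return 1
    fi
    # Keep the previous rules file so a bad change can be rolled back.
    if [ -f "$RULES_FILE" ]; then
        cp -p "$RULES_FILE" "$backup" || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$RULES_FILE" && echo "saved $RULES_FILE"
}

# Run as root with --apply to save; without it the file only defines the function.
if [ "${1:-}" = "--apply" ]; then
    save_iptables_persistent
fi
```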
On a side note, it's good practice to set up a cron job to stop iptables every 5 minutes while you are working on the rules. This way, if you lock yourself out, all you have to do is wait 5 minutes and you can get back on the box to undo whatever you have done. Just don't forget to stop the cron job after you are done working with iptables, since every run leaves the firewall off until it is started again.