Iptables reload/restart on Ubuntu 18.04

If you would like your Ubuntu firewall to function in a similar way to RedHat/Fedora, in Ubuntu 18.04, you probably want these:

sudo apt install iptables-persistent netfilter-persistent

Then edit the rules in /etc/iptables/rules.v[46]

Other commands that might be useful:

netfilter-persistent save
netfilter-persistent start

iptables-save  > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

systemctl stop    netfilter-persistent
systemctl start   netfilter-persistent
systemctl restart netfilter-persistent

If you ever find that your rules aren't correctly applied at boot, you can run these commands to test that there are no errors in your config files:

iptables-restore  < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6

The two packages are similar, but provide slightly different functionality. If you only install iptables-persistent, you won't get the service definition file for correct handling in systemd, e.g. /lib/systemd/system/netfilter-persistent.service.

If you only install netfilter-persistent, you will find that rules are not correctly applied at boot, as per the README:

netfilter-persistent and its plugins
------------------------------------

netfilter-persistent does no work on its own. You need the accompanying
plugins (for example, iptables-persistent) to load and save filter rules.

However, commands are run from netfilter-persistent. For example, to save
all filter rules:

   netfilter-persistent save

or to load them:

   netfilter-persistent start

For more details, see `man netfilter-persistent`.

The system service will try to load rules at startup if enabled, but by
default it will not flush rules at shutdown. This behaviour can be changed
by editing /etc/default/netfilter-persistent.
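
An added example, not part of the answer above or of the netfilter-persistent package: plain `iptables-restore < file` applies the file to the running firewall, whereas `iptables-restore --test` only parses and constructs the ruleset without committing it. The functions below check both rules files that way before restarting the service; the function names and the `RULES_DIR`, `IPT_RESTORE`, `IP6T_RESTORE` and `RELOAD_CMD` variables are hypothetical, introduced here so the check can be dry-run.

```shell
#!/bin/sh
# Added example: validate /etc/iptables/rules.v4 and rules.v6 before reloading.

# Structural check of the iptables-save format: every "*table" section must be
# closed by COMMIT, and chain/rule lines must sit inside a table.
lint_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /^\*/ {
            if (open) { printf "line %d: %s starts before COMMIT of %s\n", NR, $0, tbl; bad = 1 }
            open = 1; tbl = $0; next
        }
        /^COMMIT[ \t]*$/ {
            if (!open) { printf "line %d: COMMIT without a table\n", NR; bad = 1 }
            open = 0; next
        }
        !open { printf "line %d: rule outside a table\n", NR; bad = 1 }
        END {
            if (open) { printf "%s is never committed\n", tbl; bad = 1 }
            exit bad
        }
    ' "$1"
}

# $1 = restore command, $2 = rules file.
# --test makes the restore tool parse and build the ruleset without committing it.
test_rules() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    lint_rules "$2" >&2 || return 1
    "$1" --test < "$2"
}

# Restart the service only if both address families validate, so a typo in
# either file never replaces the running ruleset.
safe_reload() {
    dir=${RULES_DIR:-/etc/iptables}
    test_rules "${IPT_RESTORE:-iptables-restore}"   "$dir/rules.v4" &&
    test_rules "${IP6T_RESTORE:-ip6tables-restore}" "$dir/rules.v6" &&
    ${RELOAD_CMD:-systemctl restart netfilter-persistent}
}
```

Source the file and call `safe_reload` as root after editing the rules files; a non-zero return means nothing was reloaded.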

In newer distributions you normally have a frontend to configure and manage the firewall. The most popular these days are ufw and firewalld, and maybe shorewall. Those frontends also take care of adding the rules to iptables, so the iptables script can be skipped, or better to say should be skipped, as the frontends will not pick up changes you have made with the iptables command directly.

For Ubuntu 18.04, it seems firewalld has become the default where ufw is installed but inactive.

root@localhost:~# firewall-cmd --state 
running
root@localhost:~# ufw status
Status: inactive

So rather than creating your own iptables-conformant rules, you should use these frontends to create your firewall configuration.

I am not familiar with ufw, but I am sure you will find information here on askubuntu or somewhere else on the internet.
firewalld comes with a GUI (firewall-config) and a command line tool, firewall-cmd.
With firewalld you have the option to add rules without applying them right away (permanent) and apply them only after a firewall reload. Or you can add them to your runtime configuration, test them, and then add them to your permanent configuration.
To reload e.g. a newly added permanent configuration into your running rules, you would have to enter the following command or do the corresponding clicks in the GUI:

firewall-cmd --reload

It might look a bit more complicated at first glance, since firewalld follows a zones and chains concept. But it nicely integrates with NetworkManager, ships a GUI...
A good starting point to get familiar with it is here.


You can check the contents of the package with:

dpkg -L iptables-persistent

And then you will find that the following command is correct:

/etc/init.d/netfilter-persistent restart