Iptables not persisting after reboot on CentOS 6.2
If the changes are not visible with iptables -L after a restart, it suggests that either:
- The rules aren't being saved
- You suggest that they are, but at the same time say 'completed timestamps' - plural. This might imply that you have more than one copy of the rules in the same file, and only the first set is being applied.
- Redirect the output from iptables-save to the above file (don't append):
iptables-save > /etc/sysconfig/iptables
- Alternatively, just move the existing file elsewhere, and then save.
- The rules are being saved to the wrong file
- Your configuration may be set up to load a different file than the one you are saving to - ensure that the file being loaded matches the file you save to.
- The file is normally /etc/sysconfig/iptables
- If you look in /etc/init.d/iptables, you should find the following lines which determine which file will be loaded:
IPTABLES=iptables IPTABLES_DATA=/etc/sysconfig/$IPTABLES
- There is an error with the rules
- This is usually not an issue - iptables typically just ignores erroneous rules; and you are not writing them by hand (you are saving a presumably working ruleset).
- iptables is not started on boot
- run
chkconfig --list iptables
to check in which runlevels iptables is loaded. If it is not enabled in the right runlevel, add it with
chkconfig --level 2345 iptables on
You should be able to test your setup by just restarting iptables (as opposed to restarting the machine):
service iptables restart
Standard iptables disclaimer: just in case something goes wrong...
- back up your existing ruleset:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
- set up a cron job that will flush your iptables after a few minutes (of course, remove this once everything is working).
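One way to check for the "more than one copy of the rules in the same file" condition described in the first answer, as an added example that is not part of the original answers: it counts the "# Completed on" trailer that every iptables-save run writes, using a constructed sample file instead of the real /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example: detect an iptables-save file that had a second ruleset
# appended to it (the result of using ">>" instead of ">").
# iptables-restore only applies the first "*table ... COMMIT" block cleanly,
# so a file with two "# Completed on" trailers loads stale rules on boot.

# Each iptables-save run ends its output with "# Completed on <date>";
# count those trailers. "|| true" keeps the "0" output when grep matches nothing.
count_saved_rulesets() {
    grep -c '^# Completed on' "$1" || true
}

# Count COMMIT lines; after one clean save this equals the number of
# tables in the file (*filter, *nat, ...), typically 1 to 3.
count_commits() {
    grep -c '^COMMIT$' "$1" || true
}

# Return 0 when the file holds exactly one saved ruleset, 1 otherwise.
check_single_ruleset() {
    n=$(count_saved_rulesets "$1")
    [ "$n" -eq 1 ]
}

# Constructed sample: what the file looks like after appending twice.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
# Generated by iptables-save v1.4.7 on Mon Jan  1 00:00:00 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 00:00:00 2012
# Generated by iptables-save v1.4.7 on Mon Jan  1 00:05:00 2012
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 00:05:00 2012
EOF

if check_single_ruleset "$SAMPLE_FILE"; then
    echo "ok: one ruleset in $SAMPLE_FILE"
else
    echo "warning: $(count_saved_rulesets "$SAMPLE_FILE") rulesets in $SAMPLE_FILE; re-save with '>' not '>>'"
fi
```

Point the functions at /etc/sysconfig/iptables to check the real file; a count above 1 is the duplicated-ruleset case.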
Are you SURE that iptables-save "ran successfully"? All it does is spit out the current ruleset save file to text. You have to point it to /etc/sysconfig/iptables for that to work.
iptables-save > /etc/sysconfig/iptables
Generally speaking, if you see any output from iptables-save, it just spit the output to your display and that won't do you any good.
I think the best solution is: first enter the following command to install iptables-services
yum install iptables-services
then enter the following command to save iptables rules
service iptables save