Iptables tables rules being overwritten a few minutes after reboot

iptablesubuntu-12.04

I have some rules that I would like to apply, I added the following

pre-up iptables-restore < /etc/iptablesRules

to /etc/network/interfaces so that they would automatically be applied.

After a reboot they are applied but after a few minutes they are being overwritten, by the default set?

Its an Ubuntu 12.04 vps.

Any ideas what could be causing this?

— FIXED —

After much mulling around it turns out there was a file /etc/sysconfig/firewall which was overwriting any rules set using the /network/interfaces as well as the iptables-persistent options.

So the lesson learned is that moving from one vps provider to another isn't exactly straight forward even if its the same OS.

Best Answer

I was looking into your problem and it looks like there's issue with your version of Ubuntu. More specifically dealing with how pre-up and Network Manager are working. It seems a lot of people have used the iptables-persistent package to successfully restore rules on start up with Ubuntu 12.04.

After installing iptables-persistent it will ask you if you'd like to save your current rules, or create a new rule set.

Related Solutions

Fix Iptables Not Persisting After Reboot on CentOS 6.2

If the changes are not visible with iptables -L after a restart, it suggests that either:

The rules aren't being saved
- You suggest that they are, but at the same time say 'completed timestamps' - plural. This might imply that you have more than one copy of the rules in the same file, and only the first set is being applied.
  - Redirect the output from iptables-save to the above file (don't append):
```
iptables-save > /etc/sysconfig/iptables
```
  - Alternatively, just move the existing file elsewhere, and then save.
The rules are being saved to the wrong file
- Your configuration may be setup to load a different file than the one you are saving to - ensure that the file being loaded matches the file you save to.
  - The file is normally /etc/sysconfig/iptables
  - If you look in /etc/init.d/iptables, you should find the following lines which determine which file will be loaded:
```
IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
```
There is an error with the rules
- This is usually not an issue - iptables typically just ignores erroneous rules; and you are not writing them by hand (you are saving a presumably working ruleset).
iptables is not started on boot
- run
```
chkconfig --list iptables
```
  to check in which runlevels iptables is loaded. If is is not enabled in the right runlevel, add it with
```
chkconfig --level 2345 iptables on
```

You should be able to test your setup by just restarting iptables (as opposed to restarting the machine):

service iptables restart

Standard iptables disclaimer: just in case something goes wrong...

back up your existing ruleset:

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak

setup a cron job that will flush your iptables after a few minutes (of course, remove this once everything is working).

Iptables blank after reboot

First iptables should be enabled on startup with chkconfig on But I guess this is already the case since you get an empty table.

A reason for iptables not loading during bootime could be, that you have rules in your configuration using hostnames, if so replace them by IPs and try again. If you absolutely need hostnames in you iptables configuration be sure to enable (and commit) DNS query from your host first, but I am not sure if this will work in any situation.

Best Answer

Related Solutions

Fix Iptables Not Persisting After Reboot on CentOS 6.2

Iptables blank after reboot

Related Topic