Fix Iptables Not Persisting After Reboot on CentOS 6.2

Tags: centos, firewall, iptables, linux

I've tried adding a few rules to my iptables but they don't seem to be saving. In order to save them, I've tried running iptables-save and service iptables save. Each time I have run either of those commands, it says that it has saved successfully. Here are the rules I am trying to insert:

iptables -A INPUT -j REJECT -p tcp --destination-port 3306
iptables -A INPUT -j REJECT -p tcp --destination-port 25

These rules work and will stay in place after I input them, but when I go to reboot the system they are gone from the list when running iptables -L and the ports are open again (checked using nmap).

When looking at my /etc/sysconfig/iptables file, the rules are there (at the bottom) and all of the "completed" timestamps are from when I saved the rules which seems correct. Also, in my /etc/sysconfig/iptables-config file all of the settings are default and do not seem to change anything as far as loading iptable rules from a different location or something.

Best Answer

If the changes are not visible with iptables -L after a restart, it suggests that either:

  • The rules aren't being saved

    • You suggest that they are, but at the same time say 'completed timestamps' - plural. This might imply that you have more than one copy of the rules in the same file, and only the first set is being applied.
      • Redirect the output from iptables-save to the above file (don't append):
        iptables-save > /etc/sysconfig/iptables
      • Alternatively, just move the existing file elsewhere, and then save.

  • The rules are being saved to the wrong file

    • Your configuration may be set up to load a different file than the one you are saving to - ensure that the file being loaded matches the file you save to.
      • The file is normally /etc/sysconfig/iptables
      • If you look in /etc/init.d/iptables, you should find the following lines which determine which file will be loaded:
        IPTABLES=iptables
        IPTABLES_DATA=/etc/sysconfig/$IPTABLES
  • There is an error with the rules

    • This is usually not an issue - iptables typically just ignores erroneous rules; and you are not writing them by hand (you are saving a presumably working ruleset).

  • iptables is not started on boot

    • run
      chkconfig --list iptables
      to check in which runlevels iptables is loaded. If it is not enabled in the right runlevel, add it with
      chkconfig --level 2345 iptables on

You should be able to test your setup by just restarting iptables (as opposed to restarting the machine):

service iptables restart


Standard iptables disclaimer: just in case something goes wrong...

  • back up your existing ruleset:
    cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
  • set up a cron job that will flush your iptables after a few minutes (of course, remove this once everything is working).
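The checks the answer walks through (more than one save run appended to /etc/sysconfig/iptables, the expected rules present in the file, and iptables enabled in the right runlevels) can be scripted so they run the same way every time. The following is an added example, not code from the question or the answer; it works on a saved ruleset file and on a chkconfig --list line only, so it runs without root and without touching the live firewall. The sample file contents, timestamps and the chkconfig line are constructed for the demo; the rule lines are written in iptables-save syntax, which is how iptables-save records the two iptables -A commands from the question.

```sh
#!/bin/sh
# Added example (not part of the original post). Inspects a saved iptables
# ruleset file and a chkconfig --list line the way the answer suggests.

# count_save_runs FILE -> prints how many times iptables-save output was
# written into FILE. Every save run ends with one "# Completed on ..." line,
# so a file that was appended to (>>) carries more than one of them.
count_save_runs() {
    grep -c '^# Completed on' "$1" || true
}

# rule_present FILE RULE -> exit 0 if RULE appears as a whole line in FILE.
# RULE must be in iptables-save syntax, e.g.
# "-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable"
rule_present() {
    grep -qxF -- "$2" "$1"
}

# check_ruleset_file FILE -> prints a verdict; returns 0 when FILE holds
# exactly one save run, 1 when it holds none or was appended to.
check_ruleset_file() {
    runs=$(count_save_runs "$1")
    if [ "$runs" -eq 1 ]; then
        echo "$1: single ruleset (ok)"
        return 0
    fi
    echo "$1: $runs save runs found; rewrite it with 'iptables-save > $1' (not >>)"
    return 1
}

# runlevels_ok LINE -> exit 0 if a "chkconfig --list iptables" output line
# shows the service on in runlevels 2, 3, 4 and 5 (the ones the answer
# enables with "chkconfig --level 2345 iptables on").
runlevels_ok() {
    for lvl in 2 3 4 5; do
        case "$1" in
            *"$lvl:on"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample: what /etc/sysconfig/iptables looks like after
# "iptables-save >> /etc/sysconfig/iptables" was run twice. The second run
# contains the two REJECT rules from the question.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Generated by iptables-save v1.4.7 on Mon Jan  1 10:00:00 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 10:00:00 2012
# Generated by iptables-save v1.4.7 on Mon Jan  1 10:05:00 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Jan  1 10:05:00 2012
EOF

# Constructed chkconfig --list line for a host where iptables is enabled.
CHKCONFIG_LINE="iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off"

# Stand-alone run: report on the sample file and the sample chkconfig line.
check_ruleset_file "$SAMPLE" || true
if rule_present "$SAMPLE" "-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable"; then
    echo "port 3306 REJECT rule is in the saved file"
fi
if runlevels_ok "$CHKCONFIG_LINE"; then
    echo "iptables is enabled in runlevels 2-5"
else
    echo "iptables is not enabled in runlevels 2-5; run: chkconfig --level 2345 iptables on"
fi
```

On a real CentOS 6 host, point check_ruleset_file at /etc/sysconfig/iptables and feed runlevels_ok the output of chkconfig --list iptables; after fixing whatever it reports, service iptables restart followed by iptables -L is the same reboot-free test the answer recommends.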