How to permanently update iptables

hafichuk · Feb 17, 2012 · Viewed 66.2k times

I'm trying to redirect http traffic to port 8080 on the same machine and have the iptables rules below working.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

I'm trying to figure out how to make this change permanent in case of a reboot of the system.

I'm using Ubuntu 11.10 server.

Answer

yomimono · Oct 12, 2012

Ubuntu (and Debian) offer the package iptables-persistent (Debian: http://packages.debian.org/wheezy/iptables-persistent, Ubuntu: http://packages.ubuntu.com/saucy/iptables-persistent), which does exactly what you want. As root, or via sudo:

apt-get install iptables-persistent
iptables-save > /etc/iptables/rules.v4

If you're working with ip6tables, you'll also want to run ip6tables-save > /etc/iptables/rules.v6.

You must save the tables again (iptables-save > /etc/iptables/rules.v4, ip6tables-save > /etc/iptables/rules.v6) after any change you make.

On older versions (before iptables-0.5, and before Debian Wheezy) you will need to write to a different file:

iptables-save > /etc/iptables/rules
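
The answer above notes that the tables must be saved again after any change. As an added example (not part of the original answer), this script checks whether a saved rules file still matches the running ruleset by comparing iptables-save output with timestamps and counters stripped. The function names and the two sample rulesets are constructed for illustration, and it assumes both dumps list tables in the same order.

```shell
#!/bin/sh
# Strip what changes on every iptables-save run: comment lines (timestamps)
# and packet/byte counters on chain lines and, with -c, on rule lines.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*]$/\1/' \
        -e 's/^\[[0-9]*:[0-9]*] //'
}

# drift SAVED LIVE: print the lines that differ; return 0 when in sync.
# "<" lines exist only in SAVED, ">" lines only in LIVE.
drift() {
    s=$(mktemp) && l=$(mktemp) || return 2
    normalize_rules < "$1" > "$s"
    normalize_rules < "$2" > "$l"
    if diff "$s" "$l" | grep '^[<>]'; then rc=1; else rc=0; fi
    rm -f "$s" "$l"
    return "$rc"
}

# Constructed sample: rules file saved before the OUTPUT rule was added.
sample_saved() { cat <<'EOF'
# Generated by iptables-save on Fri Oct 12 10:00:00 2012
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}
# Constructed sample: running ruleset after the OUTPUT rule was added.
sample_live() { cat <<'EOF'
# Generated by iptables-save on Fri Oct 12 11:30:00 2012
*nat
:PREROUTING ACCEPT [12:720]
:OUTPUT ACCEPT [5:300]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Demo on the constructed samples. On a real host (as root):
#   iptables-save > /tmp/live.v4; drift /etc/iptables/rules.v4 /tmp/live.v4
d=$(mktemp -d); sample_saved > "$d/saved"; sample_live > "$d/live"
drift "$d/saved" "$d/live" || echo "running rules differ from saved file; run iptables-save again"
rm -rf "$d"
```

A non-zero return means the listed rules would be lost or resurrected at the next reboot, which makes the check suitable for a cron job or a configuration-audit step.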