Monday, April 23, 2018

cron - All methods of making iptables persist are not working

I set rules in iptables a few months back and used iptables-persistent to make the rules persist through reboot. I just updated my rules and am trying to make them persist, but nothing is working; they keep resetting to the earlier version. I have tried:

Creating a cronjob that runs on reboot AND every minute:

#!/bin/bash
# -c also restores the packet/byte counters recorded by iptables-save -c
iptables-restore -c < /home/amart219/iptables.backup

I have saved to the file that is supposedly the default location of the rules and reconfigured iptables-persistent:

iptables-save > /etc/iptables/rules.v4
dpkg-reconfigure iptables-persistent

I have placed a script in the /etc/network/if-pre-up.d/ directory that says the following:

#!/bin/bash
/sbin/iptables-restore < /home/amart219/iptables.backup
# ip6tables-restore expects an ip6tables-save dump; here it is fed the same IPv4 file
/sbin/ip6tables-restore < /home/amart219/iptables.backup

None of these changes make any difference. My understanding is that dpkg-reconfigure iptables-persistent is the correct method; however, nothing I try works. I am afraid that some time in the past I might have attempted to make them persistent in some other way that worked prior to installing iptables-persistent, but if so I have no idea how I might have done that. I ran:

tail -500 /var/log/syslog

right after reboot to see if the system loaded anything, but I see nothing but the usual boot data. This server has no cron jobs aside from the one that I created trying to restore the iptables settings. I don't know if that is the problem or not, but if it was I don't know how to locate where it might be running from to change it.

If I manually run the script I set up in cron to restore the iptables settings, it works just fine but does not persist through reboot. The cronjob is set up properly; on a separate server I have 40+ cronjobs, so I am familiar with the process.

Any suggestions? I am not picky on the method, I just need it to work.

Answer

I used to put the line with "iptables-restore" in /etc/rc.local (tested on both Debian 8 and Ubuntu 16.04) and it worked just fine.
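Whichever restore hook ends up being used (rc.local, if-pre-up.d, cron @reboot or iptables-persistent), the question underneath the thread is how to prove after a reboot that the saved ruleset is the one actually running, rather than reading syslog and guessing. The script below is an added example and is not code from the question, the answer or the iptables-persistent package. It normalizes two iptables-save style dumps (dropping the "# Generated by" header lines and the [packets:bytes] counters that iptables-save -c adds, which otherwise make every comparison fail) and reports which saved rules are missing from the live ruleset. The three dumps it writes to a temporary directory are constructed samples; the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the ruleset saved to disk
# is the ruleset running after a reboot. Inputs are iptables-save style dumps.

# normalize_rules FILE: drop "# Generated by"/"# Completed on" lines, strip the
# [packets:bytes] counters that iptables-save -c puts in front of rules and after
# chain policies, trim trailing whitespace. Order is preserved because rule order
# matters in iptables.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\][[:space:]]*//' \
        -e 's/[[:space:]]*\[[0-9]*:[0-9]*\]$//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# rules_match SAVED LIVE: exit 0 when both dumps describe the same policy.
rules_match() {
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]
}

# missing_rules SAVED LIVE: print lines present in SAVED but absent from LIVE,
# i.e. the chain policies and rules that did not survive the reboot.
missing_rules() {
    live=$(mktemp)
    normalize_rules "$2" > "$live"
    normalize_rules "$1" | grep -vxF -f "$live"
    rm -f "$live"
}

# Constructed sample dumps (hypothetical content, not taken from any real host).
SAMPLE_DIR=$(mktemp -d)

# What the admin saved with iptables-save -c: DROP policy plus a conntrack rule.
cat > "$SAMPLE_DIR/saved.v4" <<'EOF'
# Generated by iptables-save v1.6.0 on Mon Apr 23 10:00:00 2018
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [300:24000]
[5:400] -A INPUT -i lo -j ACCEPT
[7:440] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Apr 23 10:00:00 2018
EOF

# Live ruleset after a reboot where the old version came back (the symptom in
# the question): ACCEPT policies and no conntrack rule.
cat > "$SAMPLE_DIR/live_stale.v4" <<'EOF'
# Generated by iptables-save v1.6.0 on Mon Apr 23 10:05:00 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Apr 23 10:05:00 2018
EOF

# Live ruleset after a reboot where the restore hook worked: same policy, fresh counters.
cat > "$SAMPLE_DIR/live_ok.v4" <<'EOF'
# Generated by iptables-save v1.6.0 on Mon Apr 23 10:05:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Apr 23 10:05:00 2018
EOF

# Stand-alone run: report the stale case.
if rules_match "$SAMPLE_DIR/saved.v4" "$SAMPLE_DIR/live_stale.v4"; then
    echo "ruleset persisted"
else
    echo "ruleset did NOT persist; missing from live:"
    missing_rules "$SAMPLE_DIR/saved.v4" "$SAMPLE_DIR/live_stale.v4"
fi
```

On a real host the two inputs would be the file the restore hook reads (for iptables-persistent, /etc/iptables/rules.v4) and a fresh `iptables-save -c` taken right after boot; IPv6 is checked the same way with ip6tables-save against rules.v6. A non-empty missing_rules output tells you the hook did not run or ran before the interface came up, which is a far more direct signal than the absence of anything in syslog.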