iptables is a powerful firewall tool used to control network traffic in Linux. This guide explains how to install, configure, and make iptables rules persistent across major Linux distributions.
Important Note
iptables rules are not persistent by default. After a reboot, any rules you add will be lost unless you configure your system to save and restore them.
Debian-Based Distributions
- Install iptables (if not already installed):
sudo apt install iptables
- Persist rules with iptables-persistent (during installation the package asks whether to save the current IPv4 and IPv6 rules):
sudo apt install iptables-persistent
Rules are saved in /etc/iptables/rules.v4 and /etc/iptables/rules.v6 and are restored at boot by the netfilter-persistent service.
- Manually save rules. Note that in "sudo iptables-save > file" the redirection is performed by your unprivileged shell, not by sudo, so writing under /etc fails; run the whole pipeline as root instead:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
- Update saved rules from the live ruleset:
sudo netfilter-persistent save
- Reload saved rules into the kernel:
sudo netfilter-persistent reload
Red Hat-Based Distributions
- Disable firewalld if active, since it manages the same tables and will overwrite a hand-maintained ruleset:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
- Install the iptables service. The package that provides iptables.service and ip6tables.service is iptables-services on both yum- and dnf-based systems; installing only the iptables package gives you the command-line tools but no boot-time service:
sudo yum install iptables-services (older systems)
sudo dnf install iptables-services (modern systems)
- Save the current rules to the files the service loads at boot (the redirection has to run as root, hence sh -c):
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
sudo sh -c 'ip6tables-save > /etc/sysconfig/ip6tables'
- Enable and start:
sudo systemctl enable iptables ip6tables
sudo systemctl start iptables ip6tables
- Check status:
sudo systemctl status iptables
Arch-Based Distributions
- Install iptables:
sudo pacman -S iptables
- Save the current rules to the files the Arch units read at boot, /etc/iptables/iptables.rules and /etc/iptables/ip6tables.rules (the redirection has to run as root, hence sh -c):
sudo sh -c 'iptables-save > /etc/iptables/iptables.rules'
sudo sh -c 'ip6tables-save > /etc/iptables/ip6tables.rules'
- Enable and start the services shipped with the package:
sudo systemctl enable iptables ip6tables
sudo systemctl start iptables ip6tables
openSUSE-Based Distributions
- Install iptables:
sudo zypper install iptables
- Enable and start the service (if the package provides one; otherwise use the systemd unit described under "Other Distributions" below):
sudo systemctl enable iptables
sudo systemctl start iptables
Basic iptables Commands
- Allow SSH (port 22):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Allow HTTP (port 80):
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- Allow HTTPS (port 443):
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- Deny port 8080:
sudo iptables -A INPUT -p tcp --dport 8080 -j DROP
- Delete rule (port 80). -D removes the first rule in the chain whose specification matches exactly:
sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT
- List rules with packet counters and numeric addresses (add --line-numbers to see each rule's position in the chain):
sudo iptables -L -v -n
Tip: Rules are evaluated top to bottom and the first match wins. -A appends to the end of the chain, so an ACCEPT appended after a catch-all DROP or REJECT rule is never reached; use -I instead of -A to insert a rule at the beginning of the chain (or -I INPUT 3 to insert it at position 3). Note also that the ACCEPT rules above only change anything if the INPUT chain's default policy is DROP (sudo iptables -P INPUT DROP) or a final DROP rule exists; with the default ACCEPT policy every port is already open. Set a DROP policy only after adding rules that accept loopback traffic and established connections, or you will lock yourself out of your own SSH session.
Making iptables Rules Persistent
Debian-Based Systems
- Rules saved with iptables-persistent are automatically restored at boot by netfilter-persistent.
- Manual save (run the redirection as root; a bare "sudo iptables-save > file" fails because the shell, not sudo, opens the file):
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
- Manual restore:
sudo iptables-restore /etc/iptables/rules.v4
sudo ip6tables-restore /etc/iptables/rules.v6
Other Distributions
- Create directory:
sudo mkdir -p /etc/iptables
- Save rules (as root, since the redirection is done by the shell):
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
- Create a systemd service at /etc/systemd/system/iptables-restore.service. systemd runs ExecStart without a shell, so a redirection such as "< /etc/iptables/rules.v4" would be passed to iptables-restore as a literal argument and the unit would fail; pass the file as an argument instead. Ordering the unit before network-pre.target ensures the rules are loaded before any interface comes up, so there is no window during which the host is reachable without a firewall:

[Unit]
Description=Restore iptables firewall rules
DefaultDependencies=no
Wants=network-pre.target
Before=network-pre.target
After=systemd-modules-load.service local-fs.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/iptables/rules.v4
ExecStart=/sbin/ip6tables-restore /etc/iptables/rules.v6
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

- Reload systemd so it sees the new unit, then enable and start it:
sudo systemctl daemon-reload
sudo systemctl enable iptables-restore.service
sudo systemctl start iptables-restore.service
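The following script ties the basic commands and the persistence steps together. It is an added example, not code from the original guide: it generates a minimal IPv4 ruleset in the same format iptables-save writes, validates it with iptables-restore -t before touching the live firewall, and only then writes it to the file the boot-time service reads and loads it. The destination path, the port list and the script name (firewall.sh) are assumptions; the default /etc/iptables/rules.v4 matches iptables-persistent and the custom unit above, and you can pass /etc/sysconfig/iptables for iptables-services on Red Hat systems or /etc/iptables/iptables.rules on Arch. IPv6 is not covered; ip6tables needs its own file.

```shell
#!/bin/sh
# Added example, not part of the original guide. Generates an IPv4 filter
# ruleset, validates it with iptables-restore -t, then installs and loads it.
# Assumptions: DEST defaults to /etc/iptables/rules.v4; installing requires
# root; the script file name firewall.sh is hypothetical.
set -eu

# build_rules PORT...: print a filter table whose INPUT chain drops by default
# and accepts only loopback, established/related traffic, ICMP and new TCP
# connections to the given ports. The chain falls through to the DROP policy,
# so appending (-A) the ACCEPT rules is correct here; appended after a
# catch-all DROP rule they would never be reached.
build_rules() {
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -p icmp -j ACCEPT'
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "build_rules: invalid port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "build_rules: port out of range '$port'" >&2; return 1
        fi
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# install_rules DEST PORT...: validate, save and load the ruleset.
# iptables-restore -t parses and builds the whole ruleset without committing
# it, so a typo is caught before the saved file or the live firewall changes.
install_rules() {
    dest=$1; shift
    tmp=$(mktemp)
    build_rules "$@" > "$tmp"
    iptables-restore -t "$tmp"
    mkdir -p "$(dirname "$dest")"
    install -m 0600 "$tmp" "$dest"   # root-only: the file documents your policy
    rm -f "$tmp"
    iptables-restore "$dest"
    iptables -L INPUT -v -n --line-numbers
}

# Usage: sudo sh firewall.sh install [DEST] [PORT...]
# e.g.   sudo sh firewall.sh install /etc/iptables/rules.v4 22 80 443
if [ "${1:-}" = "install" ]; then
    shift
    dest=${1:-/etc/iptables/rules.v4}
    if [ $# -gt 0 ]; then shift; fi
    if [ $# -eq 0 ]; then set -- 22 80 443; fi
    install_rules "$dest" "$@"
fi
```

Run it over SSH only after confirming port 22 is in the port list; the ESTABLISHED,RELATED rule keeps your current session alive while the new ruleset loads, but a ruleset without port 22 will block the next login. After installing, reboot once and run sudo iptables -L -v -n to confirm the service actually restored the rules.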
Be Aware of Defaults
Some modern Linux distributions use firewalld or nftables by default. If you plan to use iptables exclusively, disable any conflicting firewall services first. Also check which backend your iptables binary uses: sudo iptables -V prints either (nf_tables) or (legacy). Rules loaded through the legacy binary and through iptables-nft live in separate kernel rulesets that are both enforced, and neither tool displays the other's rules, so mixing the two (for example one variant in a saved file and the other on the command line) leaves you with a firewall you cannot fully see. Use one variant consistently on a given host.
By installing and configuring iptables, you gain precise control over network traffic in Linux. With persistence enabled, your firewall rules remain active across reboots, ensuring consistent protection.
Regularly reviewing and updating your iptables rules helps maintain a secure and efficient system tailored to your needs.
