Iptables rules lost/reset on reboot

Operating system: Ubuntu 20.04
OS version: 20.04

When my server restarts, all the firewall rules get lost and I go back to default (ACCEPT/ACCEPT/ACCEPT).

The details

I want to use iptables (instead of firewalld). I removed firewalld with sudo apt purge firewalld

I have a set of scripts that automatically update the iptables rules. They’re working fine.

In the Webmin Linux Firewall page, I see my firewall rules as expected. I can make changes and click Apply Configuration and they go into effect.

I can click the Activate at boot button (after first clicking the Yes button). It looks as if that action took effect, too. BUT… the Activate at boot is set to No after a reboot.

Furthermore, if I reboot my server (say, by going to my VPS hosting control panel and clicking Reboot), when it comes back up, iptables -nL shows the default ACCEPT/ACCEPT/ACCEPT again.

The /etc/iptables.up.rules file contains the expected information (reflecting my rules). I have been able to restore the rules manually using iptables-restore.

I don’t know how to check if the boot sequence invokes iptables-restore.

Any thoughts on making iptables active with the saved rules after a reboot? Many thanks.

You know, when you made changes to your tables, you have to not apply them but to keep them persistent you have to save them. Normally a modern distribution would recognise it automatically, and Ubuntu should as well.

Answering my own question… Almost as an afterthought, the Ubuntu iptablesHowTo mentions the solution. (I quote the entire description for your reading pleasure. It follows a couple pages of text describing “Solution 1” and “Solution 2”)

Solution #3 iptables-persistent
Install and use the iptables-persistent package.

I thought I already had installed it, but I ran sudo apt install iptables-persistent and saw a whole lot of confirmatory messages indicating success.

When I rebooted my VPS from the hosting control panel, iptables rules were restored and life is now good.

Update: Life is almost great. I now realize that the Webmin Network → Linux Firewall does not reflect the state of iptables.

The Webmin GUI (incorrectly) states that the files are in /etc/iptables.up.rules and /etc/ip6tables.up.rules. However, those files have been removed, so I don’t know where Webmin gets the information.

But the actual rules (saved by iptables-save) are in /etc/iptables/rules.v4 and /etc/iptables/rules.v6 (I wrote a support ticket for this.)

So… here’s the current state: iptables are working, they get restored when I reboot the server, but the Webmin GUI doesn’t show them correctly. (So I have to manage the rules from the command line.) I will update this ticket as I learn more.
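
The following is an added example, not part of the original posts: a shell check for the two things the thread turns on, whether something restores the rules at boot and whether the running ruleset matches the saved file. The function names are hypothetical, and it assumes the netfilter-persistent systemd unit that iptables-persistent uses on Ubuntu together with the /etc/iptables/rules.v4 path quoted above.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the rules path is the one
# named in the thread. Assumes the netfilter-persistent unit that
# iptables-persistent relies on. Run check_persistence as root.
RULES_V4=${RULES_V4:-/etc/iptables/rules.v4}

# Drop what changes between dumps: comment lines (timestamps) and the
# [packets:bytes] counters on chain lines and on "iptables-save -c" rule lines.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*]$//' -e 's/^\[[0-9]*:[0-9]*] //' "$1"
}

# Succeeds when the dump has no rules and no DROP policy, i.e. the
# ACCEPT/ACCEPT/ACCEPT state seen after the reboot.
is_default_accept() {
    ! normalize_rules "$1" | grep -Eq '^(-A |:[A-Z]+ DROP)'
}

# Succeeds when two dumps describe the same ruleset.
same_ruleset() {
    a=$(normalize_rules "$1") && b=$(normalize_rules "$2") && [ "$a" = "$b" ]
}

check_persistence() {
    status=0
    systemctl is-enabled --quiet netfilter-persistent 2>/dev/null ||
        { echo "netfilter-persistent is not enabled at boot"; status=1; }
    [ -s "$RULES_V4" ] || { echo "$RULES_V4 is missing or empty"; return 1; }
    # --test parses the file without committing it to the kernel
    iptables-restore --test < "$RULES_V4" ||
        { echo "$RULES_V4 does not parse"; status=1; }
    live=$(mktemp) || return 1
    iptables-save > "$live"
    if is_default_accept "$live"; then
        echo "running ruleset is the empty default"; status=1
    fi
    same_ruleset "$live" "$RULES_V4" ||
        { echo "running rules differ from $RULES_V4"; status=1; }
    rm -f "$live"
    return "$status"
}

if [ "${1:-}" = "--check" ]; then check_persistence; fi
```

Running it with --check right after a reboot shows whether the firewall came back; running it after editing rules shows whether the saved file has fallen behind the live ruleset.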
