Home / ubuntu / Questions / 1252275
In Process
Houman
Asked: 2020-06-21 13:09:33 +0800 CST

Ubuntu 20.04 can't persist the Iptables configuration

  • 772

I have been doing this in all previous Ubuntu editions without an issue, but something has changed in Ubuntu 20.04.

sudo apt install iptables-persistent

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
...

debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v4 boolean true"
debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v6 boolean true"
dpkg-reconfigure iptables-persistent

Two things I have noticed

  1. Despite the settings above, I can't install it silently. I get this screen: enter image description here And despite clicking yes the file /etc/iptables/rules.v4 is empty
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
  1. After a reboot, everything is set to the file above. So nothing is saved.

Any advise please?

iptables 20.04

3 Answers

  1. I can at least answer part of your question, it appears that there is no way to suppress the save prompt during the reconfigure and also have it perform the save. You can suppress the prompt by setting "iptables-persistent/autosave_done" but that also prevents any saves from happening. If you want to look at the logic, it's contained in /var/lib/dpkg/info/iptables-persistent.config and /var/lib/dpkg/info/iptables-persistent.postinst.

    I have no idea why the reconfigure save isn't working, this sounds silly but can you do a iptables -t filter -L -n before you run the reconfigure? Does it look like you expect?

    As a side question, are you running reconfigure for the sole purpose of saving your rules? If so, it's far easier to do iptables-save > /etc/iptables/rules.v4 && ip6tables-save > /etc/iptables/rules.v6

    • 4

  2. How to save iptables permenantely on ubuntu 20.04?

    here I am going to give port: 80 and 443 rules for incomming

    sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

    installing iptables-persistent

    sudo apt-get install iptables-persistent

    if already isntalled then restart it:

    sudo dpkg-reconfigure iptables-persistent

    give - YES on both questions

    now save iptables permenantley to files:

    sudo iptables-save | sudo tee /etc/iptables/rules.v4

sudo ip6tables-save | sudo tee /etc/iptables/rules.v6

    now reboot your ubuntu

    sudo reboot

    You will find that all iptables rules will also reload automatically for our ports 80 and 443 incoming.

    • 1

  3. iptables doesn't work anymore with UBUNTU 20.04 since ~febrary 2021. users must migrate to nftables package. You can install it by use apt or synaptic. https://www.netfilter.org/projects/nftables/index.html

    • 0