`iptables` / Netfilter

Snippets

List all chains and rules

iptables --list --numeric --line-numbers

Allow incoming SSH connections

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Persist rules across reboots

Manual
Debian/Ubuntu

Save current rules

sudo iptables-save > /etc/iptables/rules.v4
sudo ip6tables-save > /etc/iptables/rules.v6

Create a systemd service to restore these rules on boot:

/etc/systemd/system/iptables-restore.service
[Unit]
Description=Restore iptables firewall
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore < /etc/iptables/rules.v4
ExecStart=/sbin/ip6tables-restore < /etc/iptables/rules.v6
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Enable the service

sudo systemctl enable iptables-restore

Install the iptables-persistent package:

sudo apt install iptables-persistent

Save current rules

sudo netfilter-persistent save

Rules are saved in /etc/iptables/rules.v4 and /etc/iptables/rules.v6. A systemd service will be setup automatically to restore these rules on boot.

In case you want to reload rules manually, use:

sudo netfilter-persistent reload

Snippets​

List all chains and rules​

Allow incoming SSH connections​

Persist rules across reboots​

Snippets

List all chains and rules

Allow incoming SSH connections

Persist rules across reboots