
debian 8 iptables-persistent


Persist IP Tables Debian/Ubuntu

To persist any changes you make to your iptables rules, do the following.

Install iptables-persistent:

sudo apt-get install -y iptables-persistent

Make any changes you want to your iptables rules, e.g.

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Then run

sudo dpkg-reconfigure iptables-persistent

The rules should persist after a reboot now.

Extra Info

The dpkg-reconfigure just causes iptables-persistent to do again what it does at install, which is to save the current iptables into a file using a command just like:

iptables-save >/etc/iptables/rules.v4
ip6tables-save >/etc/iptables/rules.v6

The iptables-persistent package causes the OS to run something like the following on reboot.

iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6

Hope this helps : )
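
A drift check for the save/restore mechanism described under Extra Info, as an added example that is not part of the original answers: it compares a dump of the running rules with the saved file while ignoring timestamps and packet counters. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect rules that are loaded now but would be lost at reboot.

# Drop what changes in iptables-save output without any rule changing:
# "# Generated by ..." / "# Completed on ..." lines and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# drift_status RUNNING_DUMP SAVED_FILE -> prints "in-sync" or "drift"
drift_status() {
    running=$(normalize_rules < "$1")
    saved=$(normalize_rules < "$2")
    if [ "$running" = "$saved" ]; then
        echo "in-sync"
    else
        echo "drift"
    fi
}

# Constructed sample in iptables-save format.
# $1 = timestamp, $2 = counters, $3 = "yes" to include the REDIRECT rule above.
sample_dump() {
    echo "# Generated by iptables-save v1.4.21 on $1"
    echo "*nat"
    echo ":PREROUTING ACCEPT [$2]"
    echo ":POSTROUTING ACCEPT [0:0]"
    if [ "$3" = "yes" ]; then
        echo "-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080"
    fi
    echo "COMMIT"
    echo "# Completed on $1"
}

# Demo on constructed data: same rules with different counters, then a rule
# that was added at runtime but never saved.
tmp=$(mktemp -d)
sample_dump "Mon Jan  1 10:00:00 2018" "12:720" yes > "$tmp/running"
sample_dump "Sun Dec 31 09:00:00 2017" "0:0" yes > "$tmp/saved"
sample_dump "Sun Dec 31 09:00:00 2017" "0:0" no > "$tmp/stale"
drift_status "$tmp/running" "$tmp/saved"
drift_status "$tmp/running" "$tmp/stale"
rm -rf "$tmp"
```

On a real host, run iptables-save as root into a temporary file and pass that file and /etc/iptables/rules.v4 to drift_status.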


I just stumbled over OP's problem, too (and then his question); found the solution when looking at the package description for iptables-persistent. The new interface seems to be netfilter-persistent, that is use e.g.:

# invoke-rc.d netfilter-persistent save

At least that is what worked for me, HTH ...


Update 8/7/16: It depends on the distro. The following comment content was entered in ignorance of whether the OP distro has a netfilter-persistent package. My apologies. My laptop distro (Mint) does not contain the netfilter-persistent package while my server distros (Ubuntu 15+) do.

Original answer: As Oliver correctly says, netfilter-persistent replaces iptables-persistent in Ubuntu. What worked with Ubuntu 15.04 was as follows:

Install it, then make sure it is running as a service: service --status-all | grep netfilter-persistent

If not running as a service, start it once for all time with: invoke-rc.d netfilter-persistent start

Then you must place a script someplace that will run when the network or its interfaces stop. The important script content is simply: invoke-rc.d netfilter-persistent save

I put the script in the /etc/network/if-post-down.d directory. Don't forget to chmod it to executable. If power outages are any likelihood, you could make a cron entry for the save command.