How to make iptables/ip6tables configurations permanent across reboot on CentOS 7 Linux?

CentOS 7 uses FirewallD by default. If you would like to manage iptables/ip6tables rules directly without FirewallD, you can use the good old iptables-services package. Its iptables and ip6tables services load the rules saved in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables when they are started at boot time.

Enable iptables-services service

# yum install iptables-services
# touch /etc/sysconfig/iptables
# touch /etc/sysconfig/ip6tables
# systemctl start iptables
# systemctl start ip6tables
# systemctl enable iptables
# systemctl enable ip6tables

If the system has FirewallD installed and enabled by default, you can disable and stop firewalld with:

# systemctl disable firewalld.service
# systemctl stop firewalld.service 

Save iptables and ip6tables rules

Backup the configuration files before saving:

# cp /etc/sysconfig/iptables /etc/sysconfig/iptables-$(date +%s)
# cp /etc/sysconfig/ip6tables /etc/sysconfig/ip6tables-$(date +%s)

Then save the iptables rules:

# iptables-save >/etc/sysconfig/iptables
# ip6tables-save >/etc/sysconfig/ip6tables
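
The redirect in the save commands above truncates the rules file before iptables-save runs, so a failed dump leaves an empty file that loads no rules at the next boot. The following is an added example, not part of the original post, combining the backup and save steps so the file is replaced only by a complete dump; the function name save_rules is hypothetical.

```shell
#!/bin/sh
# Added example: back up and save firewall rules without ever leaving a
# truncated or empty rules file behind. save_rules is a hypothetical name.
#
# Usage (as root):
#   save_rules iptables-save  /etc/sysconfig/iptables
#   save_rules ip6tables-save /etc/sysconfig/ip6tables

save_rules() {
    dump_cmd=$1   # command that prints the ruleset to stdout
    dest=$2       # rules file read by the service at boot

    # Temp file in the same directory so the final mv is an atomic rename.
    # mktemp creates it with mode 0600, which the installed file keeps.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # Dump into the temp file; the existing rules file is untouched so far.
    if ! "$dump_cmd" >"$tmp"; then
        echo "save_rules: $dump_cmd failed, $dest left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi

    # A complete dump has at least one "*table" header and a COMMIT line.
    if ! grep -q '^\*' "$tmp" || ! grep -q '^COMMIT$' "$tmp"; then
        echo "save_rules: dump looks incomplete, $dest left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi

    # Timestamped backup of the current file, as in the steps above.
    if [ -s "$dest" ]; then
        cp -p "$dest" "${dest}-$(date +%s)" || { rm -f "$tmp"; return 1; }
    fi

    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }

    # Reset the SELinux label on the new file where restorecon is available.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon "$dest" 2>/dev/null || :
    fi
    return 0
}
```
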