iptables Rules Not Persisting After Reboot — Firewall Configuration Lost
About iptables Rules Not Persisting After Reboot
iptables firewall rules disappear after a system reboot because they are stored in kernel memory and have not been saved to a persistent configuration file. This guide covers the common causes, the steps to make the rules persistent, and a frequently asked question.
Quick Answer
Should I switch from iptables to nftables?
On modern distributions (Debian 10+, RHEL 8+, Ubuntu 20.04+), yes. nftables is the successor with better performance, simpler syntax, and built-in persistence. Most distributions already use nftables behind an iptables compatibility layer.
Key Details
- iptables rules are stored in kernel memory and are lost when the system reboots
- Rules must be explicitly saved to a file and restored on boot to persist
- Different distributions use different persistence methods: iptables-persistent (Debian/Ubuntu), iptables-services (RHEL/CentOS)
- nftables is the successor to iptables on modern Linux distributions
- Docker, Kubernetes, and other container runtimes add their own iptables rules dynamically
Common Causes
- iptables-persistent or iptables-services package not installed
- Rules saved with iptables-save but not configured to restore on boot
- Firewalld or ufw overriding iptables rules on startup
- Docker or Kubernetes resetting iptables chains on container runtime restart
Steps
1. Debian/Ubuntu: install iptables-persistent: apt install iptables-persistent (saves rules during install)
2. Save rules manually: iptables-save > /etc/iptables/rules.v4 (Debian) or iptables-save > /etc/sysconfig/iptables (RHEL)
3. RHEL/CentOS: install and enable iptables-services: yum install iptables-services && systemctl enable iptables
4. Verify rules load on boot: reboot and check with iptables -L -n -v
5. Consider migrating to nftables or firewalld, which have built-in persistence
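
A check worth running before the reboot in step 4, as an added example that is not part of the original page: it compares a saved rules file with an `iptables-save` dump of the live ruleset and lists every rule that exists only in kernel memory. The function names `normalize_rules`, `unsaved_rules` and `demo` are hypothetical, and the two rulesets inside `demo` are constructed sample data.

```shell
# Added example: list rules that are live in the kernel but absent from the
# saved file, i.e. rules the next reboot would discard.

# Drop iptables-save comments and [packets:bytes] counters, then tag each line
# with its table so identical rules in different tables are not confused.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]//g' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk '/^\*/ { t = substr($0, 2); next } /^COMMIT$/ { next } { print t ": " $0 }'
}

# unsaved_rules SAVED LIVE: print lines found only in LIVE.
# Returns 0 = nothing unsaved, 1 = drift found, 2 = SAVED unreadable.
unsaved_rules() {
    [ -r "$1" ] || return 2
    tmp=$(mktemp) || return 2
    normalize_rules < "$1" > "$tmp"
    out=$(normalize_rules < "$2" | grep -vxF -f "$tmp" || true)
    rm -f "$tmp"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data; on a real host LIVE comes from: iptables-save > file
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$d/live" <<'EOF'
# Generated by iptables-save (constructed sample, taken later)
*filter
:INPUT DROP [812:65120]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
    rc=0; unsaved_rules "$d/saved" "$d/live" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On a real host, pass /etc/iptables/rules.v4 (Debian) or /etc/sysconfig/iptables (RHEL) as the saved file. Rules that Docker or Kubernetes add at runtime will also be listed as unsaved, which is expected since the runtime recreates them itself.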