The process of persisting firewall rules in Ubuntu 16.04 is different to the procedure for 14.04.
The firewall setup is broadly the same as for 14.04, as described here.
This article briefly describes how to import a set of iptables rules and make them persist across reboots.
If you’re exporting a ruleset from an existing Ubuntu 14.04 server, log in to this machine. Assuming that the iptables-persistent package is installed, run the following commands:
Copy these ruleset files across to a temporary location on your Ubuntu 16.04 server.
To save the imported rules, run the iptables-persistent dpkg-reconfigure script:
NOTE: The commands sudo netfilter-persistent save and sudo netfilter-persistent reload should work, but we’ve had problems with these commands and resorted to the dpkg-reconfigure option. It may be that a restart of the service is necessary after running these commands.
Reconfiguring iptables-persistent repeats the install procedure: it will prompt you to save the current rules. The current iptables rules will be saved into a file by means of iptables-save >/etc/iptables/rules.v4 and ip6tables-save >/etc/iptables/rules.v6. You should see your rules in
The iptables-persistent package causes the following to run on reboot:
Persistent Rules and Fail2Ban
If you save iptables rules for restoration on reboot, and they contain rules added by Fail2Ban, Fail2Ban will duplicate the rules on boot. After a few reboots, the iptables ruleset can get very messy.
To avoid this, stop the fail2ban service before saving the reconfiguration, and manually edit the saved rules to remove references to Fail2Ban. Rebooting should result in the correct rules being added, as Fail2Ban adds its own.
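The manual edit described above can be scripted. The following is an added example, not part of the original article: it filters an iptables-save dump, dropping Fail2Ban's chains and every rule that references them. It assumes Fail2Ban's default chain prefixes (f2b- in current releases, fail2ban- in older ones); the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove Fail2Ban chains and rules from an iptables-save dump.
# Assumption: Fail2Ban uses its default chain prefixes, "f2b-" (current
# releases) or "fail2ban-" (older releases).

# Matches chain declarations (":f2b-sshd - [0:0]"), rules inside a Fail2Ban
# chain ("-A f2b-sshd ...") and jumps/gotos into one ("... -j f2b-sshd").
F2B_RE='(^:|^-A | -[jg] )(f2b|fail2ban)-'

# Read a ruleset on stdin, write it to stdout without the Fail2Ban lines.
# grep exits 1 when it selects nothing; only exit status 2 is a real error.
strip_fail2ban_rules() {
    grep -Ev "$F2B_RE" || [ "$?" -eq 1 ]
}

# Count the Fail2Ban lines in a ruleset on stdin (0 means safe to persist).
count_fail2ban_refs() {
    grep -Ec "$F2B_RE" || [ "$?" -eq 1 ]
}

# Constructed sample of what iptables-save emits while Fail2Ban is running.
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
EOF
)

# Demo on the sample. On a real server, with fail2ban stopped, the input
# would be the saved file, e.g.:
#   strip_fail2ban_rules < /etc/iptables/rules.v4 > /tmp/rules.v4.clean
printf '%s\n' "$SAMPLE_RULES" | strip_fail2ban_rules
```

Review the cleaned file before copying it back over the saved rules, and run count_fail2ban_refs on it to confirm that nothing from Fail2Ban will be restored at boot.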