Iptables Not Save Rules
Hello,
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART=”yes”
IPTABLES_SAVE_ON_STOP=”yes”
And followed the instructions in:
https://www.CentOS.org/forums/viewtopic.php?t853
The changes are still not saved.
The rules show up in the running /etc/syscong/iptables but are lost on a reboot.
Also, firewalld is not installed. This is a CentOS 6.8 system.
One question, do I need to stop iptables before I add the rules? I have seen examples where sometimes they do and sometimes they don’t.
TIA
4 thoughts on - Iptables Not Save Rules
wild guess says, you need to …
chkconfig on ipset
service ipset start
and when you change ipset stuff,
service ipset save
but I’m just guessing, I’ve never used ipsets.
rule.
[Thomas E Dukes]
THANKS!!
I did not realize ipset was running as a service.
Been trying figure out what was wrong for a couple weeks.
Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn’t really do anything.
Thanks, again!!
No, but
ipset save blacklist > blacklist.save
might.
jl
John R Pierce’s wild guesses are exactly right.
ipset is NOT running as a “traditional” service, however:
service ipset start|stop|save
load and save ipsets for you automagically.
Notice that it’s “service ipset save” not “ipset save xxxx” as you had typed.
Finally, and this is a bit of a corner case, but “service ipset save”
won’t work if you don’t have the “ip_set” kernel module loaded, that is if your environment has the kernel modules compiled in to the kernel. See lines 123 and 124 of /etc/rc.d/init.d/ipset
Easiest thing for me is to just comment out those two lines, however I
need to remember to comment them out again when the ipset rpm is updated.