Iptables Not Save Rules


Hello,

I have been using ipset to blacklist badbots. Works like a champ!

The only problem is if I do a system reboot, I lose the ipset and the rule.

I changed /etc/sysconfig/iptables.conf to:

IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"

And followed the instructions in:

https://www.CentOS.org/forums/viewtopic.php?t853

The changes are still not saved.

The rules show up in the running /etc/sysconfig/iptables but are lost on a reboot.

Also, firewalld is not installed. This is a CentOS 6.8 system.

One question, do I need to stop iptables before I add the rules? I have seen examples where sometimes they do and sometimes they don’t.

TIA

4 thoughts on - Iptables Not Save Rules

  • wild guess says, you need to …

    chkconfig on ipset
    service ipset start

    and when you change ipset stuff,

    service ipset save

    but I’m just guessing, I’ve never used ipsets.

  • [Thomas E Dukes]
    THANKS!!

    I did not realize ipset was running as a service.

    Been trying to figure out what was wrong for a couple of weeks.

    Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn’t really do anything.

    Thanks, again!!

  • John R Pierce’s wild guesses are exactly right.

    ipset is NOT running as a “traditional” service, however:

    service ipset start|stop|save

    load and save ipsets for you automagically.

    Notice that it’s “service ipset save” not “ipset save xxxx” as you had typed.

    Finally, and this is a bit of a corner case, but “service ipset save” won’t work if you don’t have the “ip_set” kernel module loaded, that is, if your environment has the kernel modules compiled into the kernel. See lines 123 and 124 of /etc/rc.d/init.d/ipset

    Easiest thing for me is to just comment out those two lines, however I need to remember to comment them out again when the ipset rpm is updated.
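A worked version of the procedure the replies converge on (create the set, add the rule, then `service ipset save` and `service iptables save`, and make sure both services are enabled), written as an added example for CentOS 6. It is not code from the thread or from the ipset package. It assumes the stock init scripts, that `service ipset save` writes its dump to /etc/sysconfig/ipset, that the ipset init script is ordered before iptables at boot (check with `chkconfig --list ipset iptables`), and that the iptables on this release predates the `-C` option, so rule presence is tested with `-S` instead. The two helper functions take file contents as arguments rather than reading the files, so they can be exercised without root; the module check also reads modules.builtin, which covers the compiled-in corner case from the last reply.

```shell
#!/bin/sh
# Added example: persist an ipset blacklist and the iptables rule that uses it
# on CentOS 6. Not from the thread. Assumes the stock ipset/iptables init
# scripts and that "service ipset save" writes /etc/sysconfig/ipset (assumption).
set -eu

# Is ip_set available, either as a loaded module or compiled into the kernel?
# Args: contents of /proc/modules, contents of modules.builtin. Passing the
# text in (instead of reading the files here) keeps this testable without root.
ip_set_present() {
    proc_modules="$1"
    builtin_list="$2"
    printf '%s\n' "$proc_modules" | grep -q '^ip_set ' && return 0
    printf '%s\n' "$builtin_list" | grep -q '/ip_set\.ko$' && return 0
    return 1
}

# Both halves must survive a reboot: the set definition in the ipset dump and a
# rule referencing it in the iptables dump. Args: set name, ipset dump text,
# iptables-save text. Returns 0 only if both are present.
persisted_ok() {
    set_name="$1"
    ipset_dump="$2"
    iptables_dump="$3"
    printf '%s\n' "$ipset_dump" | grep -q "^create $set_name " || return 1
    printf '%s\n' "$iptables_dump" | grep -q -- "--match-set $set_name " || return 1
    return 0
}

# The procedure itself (needs root). Args: set name followed by addresses.
persist_blacklist() {
    set_name="$1"
    shift
    if ! ip_set_present "$(cat /proc/modules)" \
            "$(cat "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null)"; then
        echo "ip_set is neither loaded nor built in; try: modprobe ip_set" >&2
        return 1
    fi
    ipset create "$set_name" hash:ip -exist
    for addr in "$@"; do
        ipset add "$set_name" "$addr" -exist
    done
    # Older iptables lacks -C, so look for the rule with -S before inserting it,
    # otherwise every run would add a duplicate DROP rule.
    if ! iptables -S INPUT | grep -q -- "--match-set $set_name src -j DROP"; then
        iptables -I INPUT -m set --match-set "$set_name" src -j DROP
    fi
    # These two writes are what survive a reboot; a bare "ipset save" does not.
    service ipset save
    service iptables save
    # Both must come up at boot; the ipset script is ordered before iptables so
    # the rule restore can resolve the set name (verify with chkconfig --list).
    chkconfig ipset on
    chkconfig iptables on
    # Confirm the saved files actually carry the set and the rule.
    persisted_ok "$set_name" "$(cat /etc/sysconfig/ipset)" "$(cat /etc/sysconfig/iptables)"
}

# Usage (as root): sh persist-blacklist.sh --apply badbots 203.0.113.7 198.51.100.9
if [ "$#" -gt 0 ] && [ "$1" = "--apply" ]; then
    shift
    persist_blacklist "$@"
fi
```

Run it once with `--apply`, then reboot and compare `ipset list badbots` and `iptables -S INPUT` against the two saved files; if the set comes back empty or the rule is missing, the corresponding save step is the one to look at.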