Persistence and Management

Ensuring firewall rules persist across reboots and managing rule changes safely are critical operational considerations. Different distributions handle persistence differently, and understanding these mechanisms prevents security gaps during system maintenance.

For iptables persistence on Debian/Ubuntu:

# Install iptables-persistent
sudo apt-get install iptables-persistent

# Save current rules
sudo netfilter-persistent save

# Rules are saved to:
# /etc/iptables/rules.v4 (IPv4)
# /etc/iptables/rules.v6 (IPv6)

# Reload saved rules
sudo netfilter-persistent reload

For Red Hat-based systems:

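# Save current rules
# (the output redirect must also run as root, so write the file through sudo tee)
sudo iptables-save | sudo tee /etc/sysconfig/iptables > /dev/null

# Enable iptables service (the unit is provided by the iptables-services package)
sudo systemctl enable iptables
sudo systemctl start iptables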
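
A common gap is a rule added to the running firewall but never saved, which disappears at the next reboot. The script below is an added example, not part of the original page: it lists rules found in an iptables-save dump that are missing from the persisted file. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list running iptables rules that are missing from the saved
# file and would therefore disappear at the next reboot.

# Reduce iptables-save output to "table rule" lines, dropping what changes
# without a rule change: "# Generated/Completed" comments, COMMIT, counters.
normalize_rules() {
    awk '
        /^#/ || /^COMMIT$/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }    # "*filter" opens a table
        {
            sub(/^\[[0-9]+:[0-9]+\] /, "")       # rule counters (iptables-save -c)
            sub(/ \[[0-9]+:[0-9]+\]$/, "")       # chain policy counters
            print table " " $0
        }' "$1"
}

# Print entries present in the running dump ($1) but not in the saved file ($2).
unsaved_rules() {
    saved_norm=$(mktemp) || return 2
    normalize_rules "$2" > "$saved_norm"
    normalize_rules "$1" | grep -Fxv -f "$saved_norm" || true
    rm -f "$saved_norm"
}

# Constructed sample data: the running set has one rule (tcp/8443) that was
# added after the last save; counters and timestamps also differ.
write_samples() {
    cat > "$1/running.rules" <<'EOF'
# Generated by iptables-save on Tue Mar  4 10:15:00 2025
*filter
:INPUT DROP [120:9000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [300:42000]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT
# Completed on Tue Mar  4 10:15:00 2025
EOF
    sed -e '/8443/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' -e 's/10:15/09:00/' \
        "$1/running.rules" > "$1/saved.rules"
}

# Live use as root: iptables-save > /tmp/running.rules
#                   unsaved_rules /tmp/running.rules /etc/iptables/rules.v4
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    unsaved_rules "$d/running.rules" "$d/saved.rules"
    rm -rf "$d"
fi
```

The comparison is line-based, so it reports missing rules but not a change in rule order. On Red Hat-based systems the saved file is /etc/sysconfig/iptables.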

UFW rules are automatically persistent, but backup is still important:

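# Backup UFW configuration
sudo cp -r /etc/ufw "/backup/ufw-$(date +%Y%m%d)"

# Export rules for documentation
# (written through sudo tee so the redirect into /backup also runs as root)
sudo ufw status numbered | sudo tee "/backup/ufw-rules-$(date +%Y%m%d).txt" > /dev/null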