You could use iptables-save and iptables-restore, but I personally prefer to have a systemd service that handles my basic custom rules, and I have an assortment of scripts in my ~/bin directory to handle particular configurations that I might be setting.
Setting up a systemd service is easy enough. My entire firewall is custom, and here is how I invoke it. In the directory /etc/systemd/system, I have the file jlfirewall.service, which contains the following:
```ini
#
# My firewall. Do what is needed and nothing more
#
[Unit]
Description=Jiml firewall
Wants=network-online.target
After=network-online.target
Conflicts=iptables.service firewalld.service

[Service]
Type=oneshot
RemainAfterExit=yes
StandardOutput=syslog
ExecStart=/usr/local/bin/firewall.sh

[Install]
WantedBy=basic.target
```
Then, in /usr/local/bin, I have firewall.sh, which sets up my entire firewall. You could put your commands in there, and they would be applied at the right time in the boot.
After doing this, you would run (as root) systemctl enable jlfirewall.service (use your own service name, of course).
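
A sketch of what a firewall.sh invoked by such a unit could contain, as an added example that is not part of the original post: it builds the ruleset in iptables-restore format, parse-checks it, and loads it in one commit so a typo never leaves a half-applied firewall. The default-deny policy, the ALLOW_TCP_PORTS variable and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical /usr/local/bin/firewall.sh for a oneshot unit like the one above.
# The policy shown (default-deny inbound, SSH allowed) is an assumed example.
set -eu

# Space-separated inbound TCP ports to open (assumed variable name).
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-22}"

# Emit the complete filter table in iptables-restore format on stdout.
build_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for port in $ALLOW_TCP_PORTS; do
        # Refuse anything that is not a plain number before it reaches a rule.
        case "$port" in
            ''|*[!0-9]*) echo "firewall.sh: bad port '$port'" >&2; return 1 ;;
        esac
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Parse-check first, then load the table in a single atomic commit.
# A failure at either step exits non-zero, so systemd marks the unit failed.
apply_rules() {
    rules=$(build_rules) || return 1
    printf '%s\n' "$rules" | iptables-restore --test
    printf '%s\n' "$rules" | iptables-restore
}

# Apply only when run as the installed script; under any other name (or when
# sourced) the functions are just defined, so the ruleset can be inspected
# with build_rules without touching the live firewall.
case "${0##*/}" in
    firewall.sh) apply_rules ;;
esac
```

After enabling the service, `systemctl status jlfirewall.service` shows whether the script exited cleanly, and `iptables -S` shows what was actually loaded.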