Persistent IP Tables Rules


IP Tables rules in Ubuntu running on OCI will usually reset after every reboot. This can be troublesome when running services or applications that require open ports. To keep your ports open across reboots, there is a way to do this in IP Tables with two simple commands.

In this example, the shape I am using is an Ampere-based A1 Flex instance running Ubuntu in the Oracle Cloud Infrastructure (OCI). This is also in the Free Tier. I will also assume we are running a web server that needs to have ports 80 and 443 open to serve websites.

💡 This solution can work on any system that is using IP Tables - not JUST OCI.

⚠️ This solution will NOT work on any OCI shape running any version of Oracle Linux as they do not use IP Tables. If you are running Oracle Linux, you can open ports with this method. Thanks to Todd Sharp from Oracle.

Simply run:

sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

Allow incoming connections via TCP on port 80

sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

Allow incoming connections via TCP on port 443

sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null

Saves the above rules to /etc/iptables/rules.v4 without switching to the root user

In addition to the rules above, you may also want to accept IPv6 connections. To enable this, follow the same steps as above but use ip6tables.

sudo ip6tables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

Allow incoming IPv6 connections via TCP on port 80

sudo ip6tables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

Allow incoming IPv6 connections via TCP on port 443

sudo ip6tables-save | sudo tee /etc/iptables/rules.v6 > /dev/null

Saves the above rules to /etc/iptables/rules.v6 without switching to the root user
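
The -I INPUT 1 in the commands above inserts each ACCEPT at the top of the chain, ahead of any catch-all REJECT or DROP rule that may already be in it. As an added example (not part of the original post), this script reads iptables-save output and reports whether a port's ACCEPT rule is effective or sits behind such a rule; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a ruleset in iptables-save
# format and reports whether a TCP port is reachable through the INPUT chain.

# check_port FILE PORT  ->  prints "open", "shadowed" or "missing".
# FILE may be "-" for stdin. Only rule order is evaluated, not any
# source/interface restriction on the ACCEPT rule itself.
check_port() {
    awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }              # "*filter" opens a table
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            tcp = 0; dport = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^-[psdiom]$/) narrowed = 1  # rule has a match condition
            }
            if (tcp && dport == port && target == "ACCEPT") {
                print (blocked ? "shadowed" : "open"); found = 1; exit
            }
            # An unconditional REJECT/DROP ends the chain for all later rules.
            if (!narrowed && (target == "REJECT" || target == "DROP")) blocked = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample ruleset. The 8080 rule was appended after the catch-all
# REJECT, so it never matches; 80 and 443 were inserted at position 1.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

for p in 80 443 8080; do echo "tcp/$p: $(sample_rules | check_port - "$p")"; done
```

To check the live ruleset on the instance, pipe it in: sudo iptables-save | check_port - 443.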


Thanks for Reading!

Written by Max Kulik


Sources:

  • This solution was created by working with some of the support team from the Tactical RMM community on their Discord server.