Permanent local firewall configuration

Oct 10, 2023
Hi
To avoid losing emails during patches and upgrades, we have usually closed the SMTP ports via the local firewall on other Linux mail relays in the past. Now I'm missing the functionality of iptables-save / iptables-restore on the PMG. Even after installing the mentioned packages and saving the firewall configuration, we have an unconfigured firewall after the reboot. I think the scripts to restore the saved firewall configuration during the restart process are missing.
Is there anyone who can help? Any other ideas?
Wolf
 
see: https://wiki.debian.org/iptables

but if you're looking into this topic anyway - I'd recommend getting familiar with nftables (a modern implementation of a packet filter in the Linux kernel with a nicer syntax for rules)

I hope this helps!
 
Thanks for this hint.
However, using the new nftables tool will not solve my problem of making the firewall rules persistent and reboot-resistant. But I found a slightly different filesystem path for iptables-save at your link above. I'll give it a try and send feedback.

Best regards
Wolf
 
However, using the new nftables tool will not solve my problem of making the firewall rules persistent and reboot-resistant.
It should simply enable the rules if you put them in /etc/nftables.conf - see `systemctl cat nftables.service`?
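
Added example, not part of the thread and not Proxmox's own configuration: a minimal /etc/nftables.conf that keeps SMTP closed across reboots once nftables.service is enabled (`systemctl enable nftables.service`). The table name `smtp_maintenance` and ports 25 and 26 are assumptions; adjust them to the ports your PMG actually listens on.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Table name and port numbers are assumptions.

# Declare the table, then delete it, so reloading this file is idempotent
# and does not touch tables owned by other tools.
table inet smtp_maintenance
delete table inet smtp_maintenance

table inet smtp_maintenance {
    # Ports to close while patching (assumed values).
    set smtp_ports {
        type inet_service
        elements = { 25, 26 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Leave local delivery and internal hand-off on loopback alone.
        iifname "lo" accept

        # Reject instead of drop: the sending MTA sees an immediate
        # connection failure, keeps the message queued and retries later,
        # rather than waiting for a timeout.
        tcp dport @smtp_ports reject with tcp reset
    }
}
```

Check the file with `nft -c -f /etc/nftables.conf` before rebooting. To reopen SMTP after the maintenance window, remove the table definition from the file and run `nft delete table inet smtp_maintenance`.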
 
