Old 02-11-2009, 08:30 PM   #1
boothcat4320
LQ Newbie
 
Registered: Feb 2009
Posts: 2

Rep: Reputation: 0
Ubuntu 8.04 iptable resetting


I have a server running Ubuntu 8.04. I have added a few iptable chains, but they keep resetting (by resetting, I mean an iptable -L shows nothing after a day). I have read the other posts about iptables and none of them have helped. I don't know what information is relevant, so sorry for the lack of it.

Thanks for the help.
 
Old 02-12-2009, 01:13 PM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
The problem is probably that the configuration you do (which you should save) is not loaded when the system (re)starts. The loading may fail for a variety of reasons, but one is that you either haven't saved the new ruleset or haven't made the system load it.

There are graphical front-ends to iptables that may allow you to easily just "save" the configuration, and the program takes care of the rest (making iptables load the configuration during boot). But you can just as well use a simple script to work it out; again this can be done in many ways, but a simple one is to have a file where you save the configuration using iptables-save and an init script that reads the configuration from that file using iptables-restore when the system boots.

See
Code:
man iptables-save
man iptables-restore
for information on how these work. A simple approach could be to create a configuration, then run (would probably require higher privileges than those of a regular user -- bear that in mind)
Code:
iptables-save > /etc/iptables.rules
and put
Code:
iptables-restore < /etc/iptables.rules
into an init script of your preference, like /etc/rc.local if you want it quick; note that this file is probably run as the last one, so if you consider it important to have it run in a specific order (to the other scripts), see the other init scripts in the system and modify them if needed.

Actually an even easier way would be to have a script that contained the whole configuration (as iptables commands) and in the end would run iptables-save (like in the above example), in addition to the script that loads the configuration during boot. This way you wouldn't have to start from scratch when you modified the firewall configuration, but would only have to edit the relevant parts of the rules-script and re-run it.

Probably (at least some of) the graphical front-ends to iptables do the "save setup" thing that way, by creating an init script that loads the saved configuration from a file.

Last edited by b0uncer; 02-12-2009 at 01:17 PM. Reason: typos, thanks for the small keyboard
 
Old 02-12-2009, 03:40 PM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
...and the advantage of creating your iptables ruleset from a bash script is that you do stuff like defining a variable, say

int_net_addr

and then use the value of that variable everywhere you want to specify 'do this with anything in the internal network'. If you don't want to do this kind of thing, you probably might as well just do iptables-save and iptables-restore.
 
Old 02-13-2009, 06:00 AM   #4
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
That's a big helper indeed, thanks for adding that. The use of variables instead of re-typing lots of things should start right from the beginning, for example

Code:
IPT=$(which iptables)

# Flush all rules
"$IPT" -F

# The rest of the script
# ...
that way the script should work even if the environment changes (for example if the executable isn't where you suppose it was), or if you need to change something that is used throughout the script (path to executable, static address(es), ...), you only need to alter the variable definition (as salasi pointed out).

But even if you do use this script-based approach, you can still use iptables-save in the end to save the configuration to a file, and instead of re-running the script at each boot simply run iptables-restore to load the saved configuration. If you only need one firewall configuration that fills all your needs, it's probably all the same, but if you (for example) needed several configurations, you could simply make copies of the script and modify them (thus having several scripts that would all iptables-save to the same file) to your needs, and if you needed to alter your firewall configuration from config A to config B, you would only have to run the appropriate script -- iptables-restore would then take care of reloading that configuration during boot, without needing to modify any init scripts (another way to do this would be to use a symlink to determine the actual configuration, but having several scripts frees one from symlinks too).

There are a lot of options, but take your time and see what's the easiest one for you in your situation.

Last edited by b0uncer; 02-13-2009 at 06:02 AM.
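
The approach discussed in posts #2 to #4 (a rules script driven by variables whose output is saved for iptables-restore to load at boot), as an added example that is not part of the thread. INT_NET, SSH_PORT, the sample policy, the function names and the "install"/"check" arguments are assumptions made for illustration; the rules are written through a temporary file so that boot never loads a half-written ruleset.

```shell
#!/bin/sh
# Added example, not code from the thread. All values below are assumed.
INT_NET="${INT_NET:-192.168.1.0/24}"   # the "internal network" variable
SSH_PORT="${SSH_PORT:-22}"

# Emit a constructed sample policy in iptables-save format.
# Nothing here touches the live firewall.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $INT_NET -p tcp --dport $SSH_PORT -j ACCEPT
COMMIT
EOF
}

# write_rules DEST [check]
# Write the ruleset to DEST via a temp file in the same directory, then
# rename it into place. With "check" (needs root), the file is first
# parsed by iptables-restore --test, which does not apply the rules.
write_rules() {
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    build_rules > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "${2:-}" = "check" ]; then
        iptables-restore --test < "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    chmod 600 "$tmp" && mv "$tmp" "$dest"
}

# Count the rules in file $1 that match on the internal network.
count_int_net_rules() {
    grep -c -e "-s $INT_NET " "$1"
}

# As root: sh thisscript.sh install
if [ "${1:-}" = "install" ]; then
    write_rules /etc/iptables.rules check
fi
```

On Ubuntu, a `pre-up iptables-restore < /etc/iptables.rules` line in /etc/network/interfaces loads the file before the interface comes up, whereas /etc/rc.local runs after the network is already reachable.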
 
Old 02-13-2009, 10:50 AM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
You may be helped by looking at a well worked out sample script. This (which is for RedHat, is very similar to the version in the printed Linux Quick Fix Notebook by Harrison)
http://www.linuxhomenetworking.com/w...Using_iptables

is pretty well worked out from a scripting point of view (err, imho). I don't think it is easy to run the script itself from Ubuntu without mods (something about permissions and writing direct to /proc/.. rather than using sysctl, if I remember), but I am guessing that a good hard look will enable you to get over your present problems.
 
  

