I hate iptables and so can you

I was told that all power leading to my house was underground and therefore I shouldn't have to worry too much about power outages.  I had just moved from a place that was on the same grid as a Verizon distribution center, so I hadn't had significant outages in a very long time.  Maybe twice a year.  Well, the power goes out at least once a month in my new house.  All of my battery backups need new batteries, and it's one of those things that doesn't jump into the budget without a reminder.  So, here I am with shaky power and a decent home lab, trying to follow some semblance of best practices by not shutting off all of the firewalls.

The fun part about iptables is that they go away when you lose power, unless you took preventative steps when setting them.  As a side note, the other fun part is that you have to back them up/save them every time you change them.  You can get around this by setting up a cron job to perform the backup once a week, it's not like they will fill up your hard drive.  So, lets work on backing up and restoring iptables, so you don't have to worry about it anymore.

To start off, most of the information that is needed for RHEL and Debian based distros was at one website.

Aggregate 1
Save and restore iptables

 As I have mentioned in previous blogs, I use Photon for my container hosts.  That way I don't have to worry quite as much about my physical box, and it runs on nearly any hypervisor.  Not kidding, I have it running in Bhyve hypervisor on my FreeNAS.  Since Photon is a docker host, and docker hosts use a whole lot of bridging, I also got to learn about ebtables.  Ethernet Bridge Tables are like iptables, but they will make you want to live in a hut without electricity rather than strictly implement them.  It is a level of security that should be learned and implemented in high security environments, but I will not dig into them here.  Just don't get confused about the ebtables-config file in /etc/sysconfig on the Photon system, that is not for iptables.

If you are using Photon, the location to save your iptables is /etc/systemd/scripts/ip4save or ip6save if, for some reason, you are using ipv6.  Since the iptables service should be enabled by default, the rules you save should load automagically when the system boots. If you are in a homelab and want to make sure that the tables save at some regular interval (in case the power goes out again), you may want to set up a cron job.  Before anyone can freak out about this, I acknowledge that this is probably a bad security practice in a corporate/high security environment.  The cron job should not back up the iptables to where they execute on boot in those types of environments. 

Prior to setting up a cron job on photon, you will need to install cronie.  "tdnf install cronie"
Now you can set up a cron job.

Aggregate 2
Cron tab quick settings explanation

Aggregate 3
Set a cron task

The shell script that I created was pretty simple.  The entire file looked like this:

#!/bin/bash
/usr/sbin/iptables-save > /etc/systemd/scripts/ip4save

And now I don't have to worry quite as much about iptables vanishing after another power outage!