IpTables restore on startup [SOLVED]

EDIT: I tried messing around in the file and I noticed that when I remove the “#” in “ !/bin/sh -e” it turned into a plain text document; leaving the “#” in, however, turns it into a runnable script. If anyone is wondering how to do/fix this, the file should be as follows:

#!/bin/sh -e


iptables-restore < /etc/iptables-rules

exit 0

That is for the server to always set up the IpTables at startup, but you can make it run any command you want in between the “# !/bin/sh -e” and the “exit 0” and it will run those commands on startup.

original post below

So I have my server on a dedicated machine (not running any VM, to clarify) and it works perfectly. The only problem I have is that every time it restarts, I have to open the terminal and run “sudo iptables-restore < /etc/iptables-rules”, otherwise I can’t HTTPS to the web user interface and I can’t sftp to the server from a different machine until I run that command. I tried modifying the “/etc/rc.local” file but I don’t understand much about how to correctly set up the file. I set it up as follows:

!/bin/sh -e


iptables-restore < /etc/iptables-rules

exit 0

But saving the file then turns it into a plain text document, so I don’t really know how to make it run at startup if it’s no longer a script.


I was able to get this set by sudo nano /etc/iptables-rules

In the file it has ports already open that you can mimic. Restart iptables or just simply reboot.

I have the same problem as happy_lama, but I have not gotten it to work. Every time my system reboots I have to type in “sudo iptables-restore < /etc/iptables-rules”. How do I fix this? It’s very annoying.

You can edit the /etc/iptables-rules by typing the command: sudo nano /etc/iptables-rules
You will want to add a line similar to the one below replacing the port number with what you want opened.
Or you can replace it with a range using this format: beginning port number:ending port number
IE: 25563:25567

-A INPUT -p tcp -m tcp --dport *port number | port:range* -j ACCEPT

The first line of a Linux script like this is called the shebang (hashbang, alternatively). It is designed to have the comment character first, and there is no space between it and the !. It indicates to the shell that, when executed (+x) directly, it knows to use the /bin/sh interpreter.

Realistically, the above lines should be all that’s necessary under normal circumstances for iptables restoration from file.
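
The shebang rule from the last reply, as an added example that is not part of the original thread: a small sh function that diagnoses the two broken first lines seen above (“!/bin/sh -e” and “# !/bin/sh -e”) as well as a missing execute bit. The function name check_boot_script and its return codes are made up for this illustration.

```shell
#!/bin/sh
# Added example: sanity-check a boot script such as /etc/rc.local.
# check_boot_script FILE prints a diagnosis and returns (hypothetical codes):
#   0 ok, 1 missing, 2 bad shebang, 3 interpreter unusable, 4 script not +x
check_boot_script() {
    f=$1
    [ -f "$f" ] || { echo "$f: no such file"; return 1; }

    # A shebang only counts if the file starts with exactly "#!".
    first=$(head -n 1 "$f")
    case $first in
        '#!'*)  ;;
        '# !'*) echo "$f: space between # and !, so the line is only a comment"
                return 2 ;;
        '!'*)   echo "$f: leading # is missing"
                return 2 ;;
        *)      echo "$f: first line is not a shebang"
                return 2 ;;
    esac

    # The interpreter path is the first word after "#!".
    interp=$(printf '%s\n' "$first" |
             sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    [ -x "$interp" ] || { echo "$f: interpreter '$interp' is not executable"
                          return 3; }

    # Without the execute bit the file is treated as plain text at boot.
    [ -x "$f" ] || { echo "$f: not executable, fix with: chmod +x $f"
                     return 4; }

    echo "$f: ok"
    return 0
}

# Check the file given as first argument, defaulting to /etc/rc.local.
check_boot_script "${1:-/etc/rc.local}" || true
```

Running `iptables-restore --test < /etc/iptables-rules` as root parses the rules file without committing it, which catches a broken rules file before the boot script depends on it.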