Easy Ubuntu 16.04 Server Firewall

If you read our previous article Easy Ubuntu Server Firewall, then you may have noted that on Ubuntu 16.04 the described method no longer works. This is due to systemd. In the article below we will walk through creating a persistent IPTables based firewall on Ubuntu 16.04 LTS. First we need to install some required software packages. As seen in the command below, install iptables-persistent. Next we will make netfilter-persistent run at boot. This is the most important step as it will ensure your rules are reloaded at boot time.

Once the packages above are installed and the service is stopped, you will have a new directory at /etc/iptables/. This directory holds the IPTables filter rules that will be reloaded at boot time. These files are named rules.v4 and rules.v6 respectively. IPV4 rules are loaded into rules.v4 and IPV6 rules are loaded into rules.v6. For the purpose of this article we will focus on IPV4 rules. Next we will want to copy the rules below into our rules.v4 file. Of course the rules will need to be modified to fit your environment.

Lastly, in order for our new rules to take effect, we simply need to start the netfilter-persistent service as seen below. That’s it, you now have a fully functional IPTables based firewall.
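The rules listing the article refers to did not survive in this copy, so here is an added example (not the article's own rules) of a minimal default-deny IPv4 ruleset in the iptables-save format that netfilter-persistent reloads from /etc/iptables/rules.v4, together with a small sanity check a practitioner can run before loading it. It assumes SSH on 22/tcp and a web server on 80/443; the helper names write_rules_v4 and check_rules_v4 are made up for this example.

```shell
#!/bin/sh
# Added example: write a default-deny IPv4 ruleset in iptables-save format.
# Assumptions (adjust for your host): SSH on 22/tcp, HTTP/HTTPS served here.
# Make sure the SSH line matches your real port before loading a DROP policy.
write_rules_v4() {
    out="${1:-/etc/iptables/rules.v4}"
    cat > "$out" <<'EOF'
*filter
# Default-deny inbound and forwarded traffic; allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to connections this host started.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP echo requests, rate-limited.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# Services offered by this host (constructed example: SSH, HTTP, HTTPS).
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Log what falls through before the policy drops it (handy for detection).
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Sanity-check a rules file: INPUT policy is DROP, loopback is allowed, the
# table is committed, and (only when root and iptables-restore are available)
# the file parses with iptables-restore --test.
check_rules_v4() {
    f="$1"
    grep -q '^:INPUT DROP' "$f" || { echo "INPUT policy is not DROP" >&2; return 1; }
    grep -q -- '-A INPUT -i lo -j ACCEPT' "$f" || { echo "loopback not allowed" >&2; return 1; }
    grep -q '^COMMIT$' "$f" || { echo "missing COMMIT" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$f" || { echo "iptables-restore rejects the file" >&2; return 1; }
    fi
    return 0
}
```

Run write_rules_v4 as root to produce /etc/iptables/rules.v4, check it with check_rules_v4, then start netfilter-persistent as the article describes.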


5 thoughts on “Easy Ubuntu 16.04 Server Firewall”

  1. I get the following error:
    >sudo service netfilter-persistent start
    Job for netfilter-persistent.service failed because the control process exited with error code.
    See “systemctl status netfilter-persistent.service” and “journalctl -xe” for details.

    I am using Ubuntu 16.10.
    What may be the cause of this?

    1. and systemctl status netfilter-persistent.service gives:
      ● netfilter-persistent.service – netfilter persistent configuration
      Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
      Active: failed (Result: exit-code) since zo 2017-02-05 16:43:57 CET; 2min 8s ago
      Process: 7221 ExecStop=/usr/sbin/netfilter-persistent stop (code=exited, status=1/FAILURE)
      Process: 7319 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=1/FAILURE)
      Main PID: 7319 (code=exited, status=1/FAILURE)

      feb 05 16:43:57 spigotserver systemd[1]: Starting netfilter persistent configuration…
      feb 05 16:43:57 spigotserver netfilter-persistent[7319]: run-parts: executing /usr/share/netfilter-persistent/
      feb 05 16:43:57 spigotserver netfilter-persistent[7319]: run-parts: /usr/share/netfilter-persistent/plugins.d/
      feb 05 16:43:57 spigotserver netfilter-persistent[7319]: run-parts: executing /usr/share/netfilter-persistent/
      feb 05 16:43:57 spigotserver systemd[1]: netfilter-persistent.service: Main process exited, code=exited, statu
      feb 05 16:43:57 spigotserver systemd[1]: Failed to start netfilter persistent configuration.
      feb 05 16:43:57 spigotserver systemd[1]: netfilter-persistent.service: Unit entered failed state.
      feb 05 16:43:57 spigotserver systemd[1]: netfilter-persistent.service: Failed with result ‘exit-code’.

      1. I would recommend reinstalling the netfilter-persistent package and ensure it is running first before making any modifications.

        sudo apt-get remove --purge netfilter-persistent ; sudo apt-get install netfilter-persistent

        Once you have the service running, then take a stab at adding your rules.
