Configuring Iptables on system startup
Ubuntu ships no service to start or stop iptables and no mechanism to restore the rules after a reboot, so rules added by hand are lost when the system restarts. This post shows how to write a script that starts and stops iptables, and how to make that script run on system startup.
1. Create a Firewall script
vim /etc/set_iptables.bash
#!/bin/bash
# Enable IPv4 forwarding so this host can route traffic for 192.168.0.12
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade everything leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward TCP port 555 on 192.168.0.10 (eth0) to SSH on 192.168.0.12
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 555 -j DNAT --to 192.168.0.12:22
# Allow the forwarded SSH traffic through the FORWARD chain
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.12 --dport 22 -j ACCEPT
2. Make the script executable
sudo chmod +x /etc/set_iptables.bash
3. Create a start/stop script
vim /etc/init.d/iptables
#!/bin/bash
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Load the firewall rules from /etc/set_iptables.bash
### END INIT INFO
RETVAL=0
# To start the firewall
start() {
    echo -n "Iptables rules creation: "
    /etc/set_iptables.bash
    RETVAL=$?
    echo
}
# To stop the firewall: flush the filter table and the nat table,
# since set_iptables.bash adds rules to both
stop() {
    echo -n "Removing all iptables rules: "
    /sbin/iptables -F
    /sbin/iptables -t nat -F
    RETVAL=0
    echo
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        /sbin/iptables -L
        /sbin/iptables -t nat -L
        RETVAL=0
        ;;
    *)
        echo "Usage: iptables {start|stop|restart|status}"
        RETVAL=1
        ;;
esac
exit $RETVAL
4. Make the script executable
sudo chmod +x /etc/init.d/iptables
5. The final step is to make the script run on each boot of your computer:
sudo update-rc.d iptables defaults
Now you can use these commands to start, stop, restart, or show the status of your iptables rules.
sudo /etc/init.d/iptables start
sudo /etc/init.d/iptables stop
sudo /etc/init.d/iptables restart
sudo /etc/init.d/iptables status
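As an added example (not part of the original post), the sh script below builds the same NAT and port-forwarding rule set in iptables-restore format, so that loading it replaces both tables in one atomic step and a repeated start never leaves duplicate rules behind, and it checks an iptables-save dump for the expected DNAT rule so the init script's status action can report whether the rules are actually loaded rather than just listing chains. The variable names (WAN_IF, PUBLIC_IP, PUBLIC_PORT, TARGET_IP, TARGET_PORT), the functions build_ruleset, apply_ruleset, has_dnat_rule and status_check, and the sample dump are my own; the interface, addresses and ports are the ones used in the post. It goes beyond the post in one respect: the FORWARD chain defaults to DROP, so only the explicitly allowed SSH traffic to 192.168.0.12 (plus replies to established connections) is forwarded.

```shell
#!/bin/sh
# Added example, not from the original post: generate the post's NAT and
# forwarding rules in iptables-restore(8) format and verify them against
# an iptables-save(8) dump. All names below are our own choices.

WAN_IF="${WAN_IF:-eth0}"
PUBLIC_IP="${PUBLIC_IP:-192.168.0.10}"
PUBLIC_PORT="${PUBLIC_PORT:-555}"
TARGET_IP="${TARGET_IP:-192.168.0.12}"
TARGET_PORT="${TARGET_PORT:-22}"

# Emit the complete rule set. iptables-restore replaces each table as a
# whole, so running this twice cannot duplicate rules (unlike repeated -A).
# FORWARD defaults to DROP, which is stricter than the post's default policy.
build_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $PUBLIC_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $WAN_IF -p tcp -d $TARGET_IP --dport $TARGET_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load the rule set into the kernel (needs root; replaces the post's -A calls).
apply_ruleset() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
  build_ruleset | iptables-restore
}

# Read an iptables-save style dump on stdin and return 0 only if it contains
# the DNAT rule for PUBLIC_PORT. The pattern tolerates the option reordering
# and "-m tcp" that iptables-save inserts when it prints a rule.
has_dnat_rule() {
  grep -q -- "-A PREROUTING .*-p tcp.*--dport $PUBLIC_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT"
}

# A status check for the init script: succeed only if the live rules match.
status_check() {
  iptables-save | has_dnat_rule
}

# Constructed sample of what iptables-save prints after the rules are loaded
# (not a real capture), used to exercise has_dnat_rule offline.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.0.10/32 -i eth0 -p tcp -m tcp --dport 555 -j DNAT --to-destination 192.168.0.12:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Self-check when run directly: the generated rule set and the sample dump
# must both contain the DNAT rule; an empty nat table must not.
if printf '%s\n' "$SAMPLE_DUMP" | has_dnat_rule && build_ruleset | has_dnat_rule; then
  echo "DNAT rule present in generated rule set and sample dump"
else
  echo "DNAT rule missing" >&2
fi
```

In the init script, start would call apply_ruleset, stop would load an empty rule set the same way, and status would run status_check and set RETVAL from its exit code, so that `/etc/init.d/iptables status` fails when the rules have been flushed, a state a plain `iptables -L` listing does not surface.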
Posted by Shahid