chef-cookbooks / iptables

Development repository for Chef Cookbook iptables
https://supermarket.chef.io/cookbooks/iptables
Apache License 2.0

redhat iptables not saving? #22

Closed yairgo closed 9 years ago

yairgo commented 9 years ago

This might not be an issue, but my customer told me that on reboot of the system we stood up for them via chef, their iptables rules are not persistent.

Excuse my ignorance, but can someone explain to me what this is doing and why redhat/centos are not in the list of platforms?

case node[:platform]
when "ubuntu", "debian"
  iptables_save_file = "/etc/iptables/general"

  template "/etc/network/if-pre-up.d/iptables_load" do
    source "iptables_load.erb"
    mode 0755
    variables :iptables_save_file => iptables_save_file
  end
end

BTW: I read through the cookbook and see that the rebuild-iptables.erb is supposed to write the iptables rules to "/etc/sysconfig/iptables"; I was more curious as to why the above is needed.

template "/usr/sbin/rebuild-iptables" do
  source "rebuild-iptables.erb"
  mode 0755
  variables(
    :hashbang => ::File.exist?('/usr/bin/ruby') ? '/usr/bin/ruby' : '/opt/chef/embedded/bin/ruby'
  )
end
dennyzhang commented 9 years ago

Yes, it confuses me as well.

stevejmason commented 9 years ago

I also had this problem with Amazon Linux (aka Enterprise Linux), where rules were not showing in "iptables -L" after a reboot.

This turned out to be because the "iptables" service was not being enabled with chkconfig. Simply enabling the service with chkconfig resulted in the rules being present after a reboot.

$ chkconfig --list iptables
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
$ chkconfig iptables on
$ chkconfig --list iptables
iptables        0:off 1:off 2:on  3:on  4:on  5:on  6:off
$ sudo reboot

However, the above is too manual; presumably the cookbook should enable the service like below?

service 'iptables' do
  action [:enable, :start]
end
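
The failure described in this thread (rules written to disk but never reloaded because the `iptables` service is not enabled) is easy to verify before a reboot. The following is an added example, not code from the iptables cookbook or from any commenter: a small plain-Ruby check that takes a platform family, a lookup for the files the cookbook is expected to have written, and the raw text of `chkconfig --list iptables`, and reports whether rules will be restored at boot. The paths are the ones named in this issue; the `chkconfig` parsing follows the output format shown above. Runlevels 2 to 5 are checked because `chkconfig <svc> on` enables exactly those. The `persistence_status` function and its `file_exists:` callable are assumptions of this example, chosen so it can run against a constructed filesystem offline.

```ruby
# Added example (not part of the iptables cookbook): verify that iptables
# rules are wired up to survive a reboot on Debian- or RHEL-family hosts.

# Parse one line of `chkconfig --list <service>` output, e.g.
#   "iptables        0:off   1:off   2:on   3:on   4:on   5:on   6:off"
# Returns a Hash of runlevel (Integer) => true/false, or nil when the line
# does not describe the requested service.
def parse_chkconfig_line(line, service)
  fields = line.strip.split
  return nil unless fields.first == service
  fields.drop(1).each_with_object({}) do |field, levels|
    m = field.match(/\A(\d):(on|off)\z/) or next
    levels[m[1].to_i] = (m[2] == 'on')
  end
end

# True when the service is switched on in every runlevel listed.
# 3 and 5 are the usual multi-user boot targets; 2 and 4 are included
# because `chkconfig <svc> on` enables runlevels 2 through 5.
def chkconfig_enabled?(output, service = 'iptables', runlevels = [2, 3, 4, 5])
  levels = output.lines.map { |l| parse_chkconfig_line(l, service) }.compact.first
  return false if levels.nil?
  runlevels.all? { |rl| levels[rl] }
end

# Decide whether rules written by the cookbook would be reloaded at boot.
# platform_family mirrors Chef's node['platform_family'] values.
# file_exists is a callable so the check can run against a constructed
# filesystem; on a real host pass ->(p) { File.exist?(p) }.
def persistence_status(platform_family, file_exists:, chkconfig_output: '')
  problems = []
  case platform_family
  when 'debian'
    # Debian/Ubuntu: the cookbook saves rules to a file and reloads them
    # from an if-pre-up.d hook; both pieces must be present.
    save_file = '/etc/iptables/general'
    hook      = '/etc/network/if-pre-up.d/iptables_load'
    problems << "missing #{save_file}" unless file_exists.call(save_file)
    problems << "missing #{hook}"      unless file_exists.call(hook)
  when 'rhel', 'amazon'
    # RHEL/CentOS/Amazon: rebuild-iptables writes /etc/sysconfig/iptables,
    # but the init script only restores it if the service is enabled.
    save_file = '/etc/sysconfig/iptables'
    problems << "missing #{save_file}" unless file_exists.call(save_file)
    problems << 'iptables service not enabled via chkconfig' unless chkconfig_enabled?(chkconfig_output)
  else
    problems << "unknown platform family #{platform_family}"
  end
  { persistent: problems.empty?, problems: problems }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: rules file present, service still off (the state
  # reported in this issue).
  sample_chkconfig = "iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off\n"
  fs = ->(path) { ['/etc/sysconfig/iptables'].include?(path) }
  puts persistence_status('rhel', file_exists: fs, chkconfig_output: sample_chkconfig).inspect
end
```

On a live RHEL 6-era host the same check is `persistence_status(node['platform_family'], file_exists: ->(p) { File.exist?(p) }, chkconfig_output: `chkconfig --list iptables`)`; the useful part is that it distinguishes "rules were never saved" from "rules were saved but nothing reloads them", which is exactly the gap the `service 'iptables'` resource above closes.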
tas50 commented 9 years ago

We're now enabling the services on RHEL based systems. This shouldn't be an issue anymore.