Cannot get iptables-restore to run during startup

I am trying to add a webserver to my desktop fedora machine, and in order to do so I need the ports 80 and 443 to be open. I can achieve this by using iptables, and I saved my configuration to a file (/root/iptables_rules). When I reboot the computer, I can type iptables-restore < /root/iptables_rules to restore the previously set rules. However, when I put that command in /etc/rc.local it seems to have no effect. The permissions on /root/iptables_rules are -rw-r--r--. (user root:root) .
I have also tried putting the command in a systemd unit which runs after network, which also had no effect. Does anyone know what might be causing this/how I can fix it?



On systemd the rc-local service needs to be enabled:

sudo systemctl enable rc-local

Also the service file expects rc.local to be in:


Thanks Tom.

Thanks. systemctl says:
The unit files have no installation config (WantedBy = etc. ). This means they are not meant to be enabled using systemctl.


Sorry I forgot, for some reason or another the package provided systemd unit file is missing the installation config. Easily fixed by creating a unit file in /etc/systemd/system, to prevent it being overwritten in future updates:


should contain:

Description=/etc/rc.d/rc.local Compatibility

ExecStart=/etc/rc.d/rc.local start


Now issuing sudo systemctl enable rc-local should work.

Thanks Tom.

Ok now I’m getting /root/iptables_rules : permission denied (from systemctl status). It works when I run rc.local as root from the commandline


Could try adding:


To the start of the service section, shouldn’t be required; unit file works here, only difference is the rules file path:


Thanks Tom.

That still doesn’t work, but the systemctl start works when selinux is disabled


So restoring the iptable rules now works, with selinux disabled? This makes sense, disabled on the system here as its running pihole.

Sorry selinux is beyond my knowledge.

Thanks Tom.

Ok, thanks for your help so far

sudo dnf install iptables-services
sudo systemctl --now mask firewalld.service
sudoedit /etc/sysconfig/iptables /etc/sysconfig/ip6tables
sudo systemctl --now enable iptables.service ip6tables.service
1 Like

Thank you, that worked! Is the firewall disabled now, and is that a problem?