iptables rules missing after docker restart. How to save permanently?

Question

I am running docker and Zerotier and for Zerotier to work properly, I need to add rules to iptables. However, after each reboot this rule is removed by docker.

So I wanted to store the rule using iptables-persistent. But still, after reboot the rule is gone. I was using

sudo iptables -I DOCKER-USER -p all -i br0 -j ACCEPT
sudo iptables-save 

Any idea what I am missing?

Answer 1

iptables-save outputs the rules to stdout. You need to write the output to the file the the system loads them from, typically /etc/iptables/rules.v4.

If you are root, this would work: iptables-save > /etc/iptables/rules.v4

sudo of course doesn't play nice with redirects, but at least some iptables-save implementations (Ubuntu 20.04) has a -f/--file option that writes to a specified file under sudo:

sudo iptables-save -f /etc/iptables/rules.v4