Reloading iptables

Normally your firewall rules are in the config file /etc/iptables.firewall.rules

To activate the rules defined in your file you must send them to iptables-restore (you can use another file if you want):

sudo iptables-restore < /etc/iptables.firewall.rules

And you can check that they are activated with:

sudo iptables -L

If you want to activate the same rules each time you boot the computer, create this file:

sudo nano /etc/network/if-pre-up.d/firewall

With this content:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules

And give it execute permission:

sudo chmod +x /etc/network/if-pre-up.d/firewall

Hope it helps you =)

Example file for /etc/iptables.firewall.rules:

*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#
#  The --dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

Easiest way is to reboot (also if below does not work, reboot, check if that made the change).

Second easiest is to restart the daemons using iptables configurations (google: restart daemon ubuntu).

Examples (depends on your configuration):

/etc/init.d/iptables restart  

/etc/init.d/networking restart  

/etc/init.d/firewall restart

If you've executed your rules, they are already running and no reloading is necessary. In the case where you have a configuration file but it hasn't been executed, the best way I've seen so far is to use iptables-apply (an iptables extension).

iptables-apply -t 60 your_rules_file

This will apply the rules for 60 seconds (10 by default) and revert them if you don't confirm them. This will save you in case you are thrown out of the system because of the rules (e.g. if you are operating through SSH).

You can use the following as a replacement:

iptables-restore < your_rules_file; sleep 60; iptables-restore < clean_rules
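
An added example, not part of the answers above and not the code of iptables-apply: the apply-then-revert idea as a POSIX sh function that syntax-checks the file with iptables-restore --test, snapshots the running rules with iptables-save, and arms the rollback before the new rules are loaded. The names safe_apply, RESTORE_CMD and SAVE_CMD are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the answers. RESTORE_CMD and SAVE_CMD are
# hypothetical overrides of this script; run as root.
RESTORE_CMD=${RESTORE_CMD:-iptables-restore}
SAVE_CMD=${SAVE_CMD:-iptables-save}

# safe_apply RULES_FILE [SECONDS]
# Returns 0 = applied and confirmed, 1 = rejected before any change,
# 2 = applied and then rolled back to the previous ruleset.
safe_apply() {
    rules=$1
    timeout=${2:-60}
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }
    # Parse the file without loading it; a typo stops here.
    $RESTORE_CMD --test < "$rules" || { echo "rules rejected" >&2; return 1; }
    # Snapshot the running ruleset as the rollback target.
    state=$(mktemp -d) || return 1
    $SAVE_CMD > "$state/backup" || { rm -rf "$state"; return 1; }
    # Arm the rollback BEFORE applying. It ignores SIGHUP and has no tie to
    # the terminal, so it still fires if the new rules cut the SSH session.
    ( trap '' HUP
      sleep "$timeout"
      : > "$state/fired"            # mark first, then restore
      $RESTORE_CMD < "$state/backup" ) > /dev/null 2>&1 &
    timer=$!
    if $RESTORE_CMD < "$rules"; then
        printf 'Applied. Open a NEW session to check access, then type "yes" (%ss): ' "$timeout"
        read -r answer || answer=
    else
        answer=
    fi
    kill "$timer" 2>/dev/null || true
    if [ "$answer" = yes ] && [ ! -e "$state/fired" ]; then
        rc=0
    else
        $RESTORE_CMD < "$state/backup"   # idempotent if the timer already ran
        rc=2
    fi
    rm -rf "$state"
    return "$rc"
}

# Run as a script: sudo sh safe-apply.sh /etc/iptables.firewall.rules 60
if [ "$#" -gt 0 ]; then
    safe_apply "$@"
fi
```

Because the example rules file accepts ESTABLISHED traffic, the session you apply from can stay up even when new logins are blocked, which is why the prompt asks for a new session before confirming.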