
{"id":10598,"date":"2026-02-16T11:16:23","date_gmt":"2026-02-16T11:16:23","guid":{"rendered":"https:\/\/developer.rdkcentral.com\/support\/?page_id=10598"},"modified":"2026-02-16T11:18:53","modified_gmt":"2026-02-16T11:18:53","slug":"firewall-rule-persistence","status":"publish","type":"page","link":"https:\/\/developer.rdkcentral.com\/support\/support\/articles\/firewall-rule-persistence\/","title":{"rendered":"Firewall &#8211; Rule persistence"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Firewall rule<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firewall rules define what kind of Internet traffic is allowed or blocked.<\/li>\n\n\n\n<li>Firewall rules examine the control information in individual packets.<\/li>\n\n\n\n<li>These rules either block or allow the packets based on rules that are defined on the device or in code.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Categories<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>There are 4 categories of rules:<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>raw &#8211; To route raw packets<\/li>\n\n\n\n<li>mangle &#8211; QoS configuration<\/li>\n\n\n\n<li>nat &#8211; routing for IPv4 LAN, IPv6<\/li>\n\n\n\n<li>filter &#8211; filtering internal packets before forwarding<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">How it is handled in RDKB<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The 10_firewall executable is responsible for firewall events; it registers for a sysevent callback with the service name firewall.<\/li>\n\n\n\n<li>The handler script is firewall_log_handle.sh.<\/li>\n\n\n\n<li>When any firewall event occurs, a sysevent is triggered with the event name firewall-restart.<\/li>\n\n\n\n<li>On the firewall-restart event, the service_start() method is called.<\/li>\n\n\n\n<li>The IPv4 and IPv6 iptables rules are prepared by reading data from shared memory and are written into the \/tmp\/.ipt and \/tmp\/.ipt_v6 files respectively.<\/li>\n\n\n\n<li>The iptables rules are
restored using these files.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Steps to persist the new rules<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To replace all the rules with your own set of rules<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a script and place it under .\/meta-rdk-broadband\/recipes-ccsp\/util\/utopia<\/li>\n\n\n\n<li>Add and install it in the utopia.bb file:<br>SRC_URI += &quot;file:\/\/iptables.sh&quot;<br>install -m 755 ${WORKDIR}\/iptables.sh ${D}${sysconfdir}<\/li>\n\n\n\n<li>In the firewall.c file, create your own function to invoke the script, and call it in main() instead of service_start():<br>static int new_firewall()<br>{<br>&nbsp; system(&quot;sh \/etc\/iptables.sh&quot;);<br>&nbsp; return 0;<br>}<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To add new rules on top of the existing rules<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install your script under \/etc<\/li>\n\n\n\n<li>Invoke your script from the firewall_log_handle.sh file:<br>\/fss\/gw\/usr\/bin\/GenFWLog -c<br>\/fss\/gw\/usr\/bin\/firewall $*<br>\/etc\/fw_iptables.sh<br>\/fss\/gw\/usr\/bin\/GenFWLog -gc<\/li>\n\n\n\n<li>In the script, the rules have to be cleared\/flushed before they are added. During firewall restarts, if the rules are not cleared before being added, the same rules will be listed multiple times in &#8220;iptables -L \/ -S&#8221;.<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Adding firewall rules manually on the board<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Place all your new rules in a script under \/nvram<\/li>\n\n\n\n<li>In the firewall_log_handle.sh file, add a condition as below:<br>if [ -f \/nvram\/&lt;file&gt;.sh ]; then<br>&nbsp; . 
\/nvram\/&lt;file&gt;.sh<br>fi<\/li>\n\n\n\n<li>If a script with a set of IP rules (from the source code) is already invoked in the firewall_log_handle.sh file, follow the steps below.<\/li>\n\n\n\n<li>Copy the existing script from \/&lt;original-path&gt; to \/nvram<\/li>\n\n\n\n<li>Make the changes (adding new rules manually) in the script under \/nvram<\/li>\n\n\n\n<li>In the firewall_log_handle.sh file, add the condition as:<br>if [ -f \/nvram\/&lt;file&gt;.sh ]; then<br>&nbsp; . \/nvram\/&lt;file&gt;.sh<br>else<br>&nbsp; . \/&lt;original-path&gt;\/&lt;file&gt;.sh<br>fi<\/li>\n\n\n\n<li>Once the complete verification is done, the script file has to be deleted from \/nvram.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Limitations<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>We should not add\/remove the rules directly in the firewall.c file, since it is common to all other boards.<\/li>\n\n\n\n<li>We can do this by enabling DISTRO_FEATURE, but we still need to know the exact rules to remove\/add. 
This should not affect the basic functionalities like board bring up , components bring up , routing packets, etc.,<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Firewall rule Categories How it is handled in RDKB&nbsp; Steps to persist the new rules [&hellip;]<\/p>\n","protected":false},"author":659,"featured_media":0,"parent":207,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"class_list":["post-10598","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/pages\/10598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/users\/659"}],"replies":[{"embeddable":true,"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/comments?post=10598"}],"version-history":[{"count":3,"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/pages\/10598\/revisions"}],"predecessor-version":[{"id":10601,"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/pages\/10598\/revisions\/10601"}],"up":[{"embeddable":true,"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/pages\/207"}],"wp:attachment":[{"href":"https:\/\/developer.rdkcentral.com\/support\/wp-json\/wp\/v2\/media?parent=10598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}