
iptables firewall rules are not persistent across reboots - missing documentation

Open gcharang opened this issue 1 month ago • 1 comments

Existing documentation URL(s)

https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall

What changes are you suggesting?

The "OS-level firewall rules" section provides iptables commands to block ingress traffic, but does not mention that these rules are temporary and will be lost on reboot. This is a significant omission because:

  1. Users following this guide expect their server to remain protected after implementing these firewall rules
  2. After a reboot, all iptables rules are cleared, leaving services directly exposed to the internet
  3. This defeats the purpose of the "positive security model" the documentation describes

Suggested fix: Add a note or additional step after the iptables commands explaining how to make the rules persistent. For example:

Debian/Ubuntu:

sudo apt install iptables-persistent
sudo netfilter-persistent save

Additional information

No response

gcharang, Dec 04 '25 15:12
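A check that follows from the issue above, as an added example that is not part of the issue or of Cloudflare's documentation: it compares the live ruleset with the copy restored at boot, so drift is caught before a reboot rather than after. The function names are hypothetical, the sample dumps are constructed, and `/etc/iptables/rules.v4` is assumed to be the file written by `netfilter-persistent save` with the iptables-persistent plugin.

```sh
#!/bin/sh
# Added example: does the live ruleset match what is restored at boot?
# Assumes /etc/iptables/rules.v4 is where iptables-persistent saves rules.

# Drop comment/timestamp lines and zero the packet/byte counters, which
# differ between any two dumps even when the policy is identical.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g'
}

# rules_persisted SAVED LIVE -> 0 match, 1 drift, 2 nothing persisted
rules_persisted() {
    [ -s "$1" ] || return 2
    [ "$(normalize_rules <"$1")" = "$(normalize_rules <"$2")" ]
}

# Run on a real host as root; not called by the demo below.
check_host() {
    live=$(mktemp) || return 3
    iptables-save >"$live"
    rules_persisted /etc/iptables/rules.v4 "$live"; rc=$?
    rm -f "$live"
    return "$rc"
}

# Constructed sample dumps (not taken from a real host).
demo=$(mktemp -d)
cat >"$demo/saved" <<'EOF'
# Generated by iptables-save on Thu Dec  4 15:12:00 2025
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
# Same policy, later dump: only timestamp and counters changed.
sed -e 's/15:12:00/18:40:11/' -e 's/DROP \[0:0]/DROP [731:48210]/' \
    "$demo/saved" >"$demo/live_ok"
# After a reboot with nothing restored: default ACCEPT, no rules.
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' 'COMMIT' >"$demo/live_rebooted"

for f in live_ok live_rebooted; do
    rules_persisted "$demo/saved" "$demo/$f" && echo "$f: persisted" \
        || echo "$f: DRIFT, live rules differ from the boot-time ruleset"
done
```

A return code of 2 from `rules_persisted` means no saved ruleset exists at all, which is the state the issue describes for a host where only the documented `iptables` commands were run.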

While I agree that there is room for improvement, FYI most Linux distros have moved to nftables, and iptables should not be mentioned at all.

cicku, Dec 09 '25 04:12