Saving iptables - different approach?

Hello All,

I wanted to clarify how to make changes persistent for iptables. So far I have seen several approaches and not sure which one is correct.

  1. sudo iptables-save
  2. sudo service iptables save
  3. sudo iptables-save > /etc/sysconfig/iptables

Personally following has been experience

sudo iptables-save
This works when iptables is enabled, otherwise after iptables restart, the changes revert.
Also here, it explains that sudo iptables-save should work if the iptables-services pacage is installed.

sudo iptables-save > /etc/sysconfig/iptables
I received a permission issue, do not remember exactly (nor I have more details to share)

sudo service iptables save
Yet to use it.

It will be great, if someone can explain which one works in which circumstances?

looks like I am wrong. I tried sudo iptables-save approach for the below task and did not work. sudo service iptables save worked.

We have one of our websites up and running on our Nautilus infrastructure in Stratos DC. Our security team has raised a concern that right now Apache’s port i.e 5000 is open for all since there is no firewall installed on these hosts. So we have decided to add some security layer for these hosts and after discussions and recommendations we have come up with the following requirements:
Install iptables and all its dependencies on each app host.
Block incoming port 5000 on all apps for everyone except for LBR host.
Make sure the rules remain, even after system reboot.

Can someone throw light on this? According to redhat documentation, service iptables save should have committed the rules but in my case it didnt happen and the task failed. On retry, I tried iptables-save in addition to the above command and this time the tasks succeeded.