How to save firewall changes made with iptables

A HA running on a RPi (installed the image) is connected using an Ethernet cable and via WiFi to another network. I've created some port forwarding between both networks so I can access devices on the other network. I've used iptables for that using the SSH terminal add-on. This all works fine, but the changes are not persistent; after a reboot they are lost.
How can you make those changes persistent? And will they survive an update of the OS?

Usually on Linux you can install iptables-persistent, which will allow the config to survive a reboot. I am not sure that you can do that here, but it may be possible. The other option would be to create a shell command that you would run from an automation that is triggered on startup.
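An added example of the "script run at startup" approach, not code from this thread: the rules are saved once with `iptables-save > /config/iptables.rules` (that path is an assumption) and this script reloads them on boot, refusing a truncated save file and parsing the file before committing it. It must run on the host as root, where the iptables rules live; the sample rule set inside it is constructed.

```shell
#!/bin/sh
# Added example, not from this thread: restore a rule set saved earlier with
#   iptables-save > /config/iptables.rules        (path is an assumption)
# from a script that a startup automation runs. iptables-restore replaces
# whole tables, so rerunning it on every boot never duplicates rules.
RULES_FILE="${RULES_FILE:-/config/iptables.rules}"

# Constructed sample of what iptables-save writes for one port forward between
# the wired and wireless networks (interface names and addresses are made up).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.2.10:80
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT'

# Refuse a save file that is missing, empty, or truncated: every table header
# (*nat, *filter, ...) must be closed by its own COMMIT line, otherwise a
# partial file would leave the firewall half-applied after a reboot.
rules_file_ok() {
    f="$1"
    [ -s "$f" ] || return 1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ]
}

# Write the constructed sample to a temp file and validate it; returns 0 if ok.
check_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_RULES" > "$tmp"
    rules_file_ok "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Parse the file first (--test) so a syntax error is reported without touching
# the live tables, then commit it. Needs root and the host's iptables.
restore_rules() {
    rules_file_ok "$RULES_FILE" || { echo "bad rule file: $RULES_FILE" >&2; return 1; }
    iptables-restore --test < "$RULES_FILE" || return 1
    iptables-restore < "$RULES_FILE"
}

# Only apply rules when run directly as restore-iptables.sh, so the file can
# also be sourced to reuse the check.
if [ "${0##*/}" = "restore-iptables.sh" ]; then
    restore_rules
fi
```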

Thanks, the shell command was my back-up plan.

The shell commands are not so easy.

service: hassio.addon_stdin
data:
  addon: a0d7b954_ssh
  input: "/bin/bash /config/"

But that does not work. The .sh file has execution rights and when I start it from the ‘SSH & Web Terminal’ add-on it just works fine.

Using a shell command to send an ssh command also does not work. Been struggling with RSA keys but cannot get it to work. You can find all kinds of explanations on ssh-ing to other devices, but not to the Pi with HA running on it.

So I'm a little bit out of options…

Just read that the 'SSH & Web terminal' add-on does not support the hassio.addon_stdin function anymore because of a possible security problem.

  alias: port forwarding on startup
  id: 656ffd0d-7960-4903-a179-793970637b03
  trigger:
    - platform: homeassistant
      event: start
  action:
    - service: shell_command.run_script

shell_command:
  run_script: bash /config/

ssh-ing -> SSH'ing from a command line sensor or shell command

Thanks, the problem with this is that it is executed in the HA Docker container environment. For the port forwarding between the networks that I'm looking for, it must run at the host level.

Now I noticed that when all the port forwardings are active, communication with some Shelly devices gets disturbed.

I've another Pi running some kind of digital signage; maybe I should connect that Pi to both networks and run the iptables commands on that Pi. That setup does not use any Docker containers.