Ubuntu (and Debian) offer the package iptables-persistent (Debian: http://packages.debian.org/wheezy/iptables-persistent , Ubuntu: http://packages.ubuntu.com/saucy/iptables-persistent) , which does exactly what you want. As root, or via sudo:
apt-get install iptables-persistent
iptables-save > /etc/iptables/rules.v4
If you're working with ip6tables, you'll want to also ip6tables-save > /etc/iptables/rules.v6.
You must save the tables again (iptables-save > /etc/iptables/rules.v4, ip6tables-save > /etc/iptables/rules.v6) after any change you make.
On older versions (before iptables-0.5, and before Debian Wheezy) you will need write to a different file:
iptables-save > /etc/iptables/rules
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
