Something is modifying my iptable, can it be traced?

I've got the following command in my iptable: -A FORWARD -o enp0s3 -j ACCEPT That somebody doesn't like, because after 2 reboots, it's gone from the iptable... I've got *iptables-persistent* installed, and running ufw (some says it conflicts, but it has worked before) Well, I'm adding the command, saving, rebooting, and it works, then I'm rebooting again, and it works, then I'm rebooting again, and NOW suddenly it's not working anymore, and the -A FORWARD -o enp0s3 -j ACCEPT command in the iptable has been removed. I've even tried to shutdown instead of rebooting, but the same result. So my question is, is there anyway to "see" why this is happening, and what's doing it? I've recently installed apache2 and certbot, and it's after this I discovered this issue, but I have no idea how to fix this.. edit: An interesting development has occurred, I'm using the iptables-save > /tmp/iptables.txt command to get the table, and in that table, the forward command is missing, but when I looked directly into the rules.v4 file, and there the command still exists.. edit: from my rules file: *filter -A INPUT -j ufw-before-logging-input -A INPUT -j ufw-before-input -A INPUT -j ufw-after-input -A INPUT -j ufw-after-logging-input -A INPUT -j ufw-reject-input -A INPUT -j ufw-track-input -A FORWARD -j DOCKER-USER -A FORWARD -j DOCKER-ISOLATION-STAGE-1 -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o docker0 -j DOCKER -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT -A FORWARD -j ufw-before-logging-forward -A FORWARD -j ufw-before-forward -A FORWARD -j ufw-after-forward -A FORWARD -j ufw-after-logging-forward -A FORWARD -j ufw-reject-forward -A FORWARD -j ufw-track-forward -A FORWARD -o enp0s3 -j ACCEPT -A OUTPUT -j ufw-before-logging-output -A OUTPUT -j ufw-before-output