Saving IPtables Rules

Once you are satisfied that your IPtables rules are working correctly, you can save your rules to the /etc/sysconfig/iptables file (for IPv6 you use /etc/sysconfig/ip6tables). Use the iptables service script with the save option. Now your rules will be read automatically when your system starts up. You can think of the save operation as installing your IPtables rules on your system, making them part of your system setup whenever you start your system.

service iptables save

To make changes, modify your iptables script, run the service script with stop to clear out the old rules, run the iptables script, and then use the service script with the save option to generate a new /etc/sysconfig/iptables file. A backup of the original is saved in /etc/sysconfig/iptables.save, in case you need to restore the older rules.

Instead of using the service script, you can save your rules using the iptables-save script. The recommended file to use is /etc/iptables.rules. The service script actually uses iptables-save with the -c option to save rules to the /etc/sysconfig/iptables file. The -c option for iptables-save includes counters in the output (the iptables service script is designed to parse counter information along with the commands). The iptables-save command outputs rules to the standard output. To save them in a file, you must redirect the output to a file with the redirection operator, >, as shown here:

iptables-save -c > /etc/sysconfig/iptables

You can also save your rules to a file of your choosing, such as /etc/iptables.rules. The /etc/rc.d/init.d/iptables service script defines the IPTABLES_CONFIG variable, which holds the name of the IPtables configuration file, /etc/sysconfig/iptables.

iptables-save > /etc/iptables.rules

Then, to restore the rules, use the iptables-restore script to read the IPtables commands from that saved file:

iptables-restore < /etc/iptables.rules
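
As an added example (not part of the original article), the script below compares a saved rules file against its backup while ignoring the counters that the -c option writes, so that only real rule changes show up. The sample rule sets and the function names normalize_rules and rules_changed are constructed for illustration.

```shell
# Strip what changes without any rule change: comment lines (timestamps),
# per-rule [pkts:bytes] prefixes written by -c, and chain policy counters.
normalize_rules() {
    sed -E \
        -e '/^#/d' \
        -e 's/^\[[0-9]+:[0-9]+\] //' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1 [0:0]/'
}

# Exit status 0 when the two files hold different rule sets, 1 when equal.
rules_changed() {
    old=$(normalize_rules < "$1")
    new=$(normalize_rules < "$2")
    [ "$old" != "$new" ]
}

# Constructed sample: a backup saved with counters (iptables-save -c).
sample_backup() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [14:1120]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [120:9800]
[52:4160] -A INPUT -i lo -j ACCEPT
[310:24800] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[4:240] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed (constructed sample)
EOF
}

# Constructed sample: same rules saved without -c; only counters differ.
sample_current() {
    sample_backup | sed -E -e 's/^\[[0-9]+:[0-9]+\] //' -e 's/\[14:1120\]/[99:7920]/'
}

# Constructed sample: the port 22 rule now accepts port 23 instead.
sample_modified() { sample_current | sed -e 's/--dport 22/--dport 23/'; }

tmp=$(mktemp -d)
sample_backup > "$tmp/iptables.save"
sample_current > "$tmp/iptables"
sample_modified > "$tmp/iptables.modified"
for f in iptables iptables.modified; do
    if rules_changed "$tmp/iptables.save" "$tmp/$f"; then echo "$f: rules changed"
    else echo "$f: counters only"; fi
done
rm -rf "$tmp"
```

On a live system the two arguments would be /etc/sysconfig/iptables.save and /etc/sysconfig/iptables.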
