How do I save iptables rules or settings?

Q. I am using a GUI tool to set up rules for my home computer connected to an ADSL (DSL/Cable) network. However, after a reboot my rules are not there. Is there any way I can save and load them again?

A. You need to use the iptables-save command, which dumps the contents of the IP tables to standard output in an easily parseable format. Using the I/O redirection provided by your shell, you can save the iptables firewall rules to a file.

The next time you want to restore the iptables rules, use the iptables-restore command. It restores the IP tables from data read from a file. Use the I/O redirection provided by your shell to read from that file.

Example

For example, save current iptables firewall rules:
# iptables-save > /root/dsl.fw
To restore iptables rules:
# iptables-restore < /root/dsl.fw

Red Hat / Fedora Core Linux

To restore the rules automatically when the Linux system reboots, add the following command to your /etc/rc.local (if you are using Fedora or Red Hat Linux):
# vi /etc/rc.local
Append the line:
iptables-restore < /root/dsl.fw

Save the file. Please note that under Red Hat Enterprise Linux you can use the following commands:
To save the rules to the /etc/sysconfig/iptables file:
# /etc/init.d/iptables save
To restore the rules from the /etc/sysconfig/iptables file:
# /etc/init.d/iptables start
If you are using Debian Linux, open /etc/network/interfaces:
# vi /etc/network/interfaces
Append the following line to the eth0 section, so that the rules are loaded from the saved file each time the interface comes up:
post-up iptables-restore < /root/dsl.fw

Close and save the file. Reboot the system.


1 Simon Rostron 03.06.08 at 6:42 am

Thank you! This helped me out a lot.

2 Joe 11.14.08 at 12:47 am

On Redhat/Fedora, you can do

service iptables save

And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.

3 Hitesh 03.23.09 at 11:38 am

Gr8 Man Thanks a lot…..

4 Kirk Steuber 06.25.09 at 5:52 pm

This solution works well assuming one of two things:
Either:
1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel)
or
2) You are not using system-config-securitylevel

system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example, the rule “-I ‘RH-Firewall-1-INPUT’ 1 -s x.x.x.x -j ACCEPT”, where x.x.x.x is an IP address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason).

The workaround I found for this is to:
1) create a file called /etc/sysconfig/iptables-custom
2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
3) edit /etc/init.d/iptables
In the start() function there should be a line that says something like this:
“$IPTABLES-restore $OPT $IPTABLES_DATA”
This means to restore the rules from /etc/sysconfig/iptables.
BELOW THIS RULE add a line that says
“$IPTABLES-restore -n < /etc/sysconfig/iptables-custom”
The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more, as it would edit an unused file).

The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom.
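The save-and-restore cycle from the post, together with the -n (--noflush) merge of a separate custom file from Kirk's comment, as an added shell example that is not code from the original post or from nixCraft. It adds a format check on the saved dump so that an empty or truncated file is never fed to iptables-restore at boot; RULES_FILE, the helper names and the sample dumps are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: wrap iptables-save and
# iptables-restore with a format check so a truncated or corrupt dump is
# never restored. RULES_FILE and the sample dumps are assumptions.
RULES_FILE="${RULES_FILE:-/root/dsl.fw}"

# Read an iptables-save dump on stdin and check its shape: every '*table'
# header names a known table and is closed by one COMMIT, and no chain
# (':NAME') or rule ('-A ...') line sits outside a table. 0 = sane, 1 = bad.
check_dump() {
    awk '
        /^#/ || /^$/ { next }                   # comments and blank lines
        /^\*/ { if (open != "") bad = 1         # previous table never committed
                open = substr($0, 2); tables++
                if (open !~ /^(filter|nat|mangle|raw|security)$/) bad = 1
                next }
        /^COMMIT$/ { if (open == "") bad = 1; open = ""; next }
        /^[:-]/ { if (open == "") bad = 1; next }
        { bad = 1 }                             # anything else is not iptables-save output
        END { exit (bad || open != "" || tables == 0) }
    '
}

# Dump the live rules to a temporary file and replace RULES_FILE only when
# the dump passes check_dump, so a failed iptables-save cannot leave an
# empty file for rc.local or post-up to restore on the next boot.
save_rules() {
    tmp="$RULES_FILE.tmp.$$"
    iptables-save > "$tmp" && check_dump < "$tmp" && mv "$tmp" "$RULES_FILE" \
        || { rm -f "$tmp"; return 1; }
}

# Restore RULES_FILE. iptables-restore --test parses the whole file without
# touching the kernel, so a bad file is rejected before the live rules are
# flushed. An optional second file is merged with -n (--noflush), the trick
# from Kirk's comment for keeping rules the GUI editor would drop.
restore_rules() {
    check_dump < "$RULES_FILE" && iptables-restore --test < "$RULES_FILE" \
        && iptables-restore < "$RULES_FILE" || return 1
    [ -z "$1" ] && return 0
    check_dump < "$1" && iptables-restore --test -n < "$1" && iptables-restore -n < "$1"
}

# Constructed sample dumps in iptables-save format (not captured from a real host).
good_dump() {
    printf '%s\n' '# Generated by iptables-save' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' 'COMMIT' '# Completed'
}
truncated_dump() { good_dump | sed '/^COMMIT$/,$d'; }   # COMMIT lost, e.g. disk filled mid-save
```

Running `save_rules` from a root shell and `restore_rules /etc/sysconfig/iptables-custom` from rc.local or a post-up line gives the same boot-time behaviour the post describes, with the corrupt-file case refused instead of flushing the firewall.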
