Thank you! This helped me out a lot.
Does not work on Ubuntu 8.04
On Redhat/Fedora, you can do
service iptables save
And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.
Gr8 Man Thanks a lot…..
This solution works well assuming one of two things. Either:
1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel) or
2) You are not using system-config-securitylevel
system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example, the rule "-I 'RH-Firewall-1-INPUT' 1 -s x.x.x.x -j ACCEPT" where x.x.x.x is an IP address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason)
The workaround I found for this is to:
1) create a file called /etc/sysconfig/iptables-custom
2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
3) edit /etc/init.d/iptables
In the start() function there should be a line that says something like this:
"$IPTABLES-restore $OPT $IPTABLES_DATA"
This means to restore the rules from /etc/sysconfig/iptables
BELOW THIS RULE add a line that says
"$IPTABLES-restore -n < /etc/sysconfig/iptables-custom"
The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file)
The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom
If you are using Debian Linux open /etc/network/interfaces…
No! In Debian you must save your rules in
/sbin/iptables-restore < /etc/iptables.up.rules
That's, of course, if you're using bash and have saved the rules in this way
iptables-save > /etc/iptables.up.rules
Debian/Ubuntu has a package named iptables-persistent that handles iptables-restore/iptables-save based on /etc/iptables/rules
A lot more elegant compared to making post interface-up scripts or a custom init script, imho.
Hi, I want to ask: I set up my iptables on Mandriva 2011 and also saved it using /sbin/service iptables save. The problem is that when my laptop restarts the rules are gone. Can anyone help me?
See /etc/sysconfig/iptables-config for autosave of rules after firewall or machine restart
I have a CentOS system and have this same problem. I have input a lot to iptables, but when it restarts, all my iptables INPUT are gone. I was using the command "service iptables save".
I am confused .. so which one should I use for the next time?
# /etc/init.d/iptables save or # /sbin/service iptables save
Are those 2 commands the same? Which one should I choose so that the next time I restart my VPS, my iptables still remain? Please help.
Yes, those are the same commands.
I want to export iptables rules from machine A to machine B.
I have dumped the current iptables rules from machine A with: $ iptables-save > iptables.rules
But at the bottom of the file the firewall configuration from machine A is also attached. Do I just have to change the "Chain acctboth" configuration on machine B?
Or is there any better way to export iptables rules? I just want to export the INPUT rules.
You could try: iptables-save | grep -e '^-A INPUT' > test.txt
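An added example building on the grep suggestion above (not code from any commenter or from the site): bare "-A INPUT" lines cannot be loaded by iptables-restore on their own, since it expects a "*filter" table header and a closing "COMMIT", and a rule that jumps to a custom chain such as acctboth fails if that chain is not defined. The function names and the sample dump below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not from a real host).
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [12:720]
:FORWARD ACCEPT [0:0]
:acctboth - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -j acctboth
-A FORWARD -j acctboth
COMMIT
EOF
}

# Reads a dump on stdin and writes a filter-table restore file on stdout.
# INPUT rules that jump to a user-defined chain are skipped and reported on
# stderr, because that chain does not exist in the exported file.
export_input_rules() {
  awk '
    /^\*/ { in_filter = ($0 == "*filter"); next }   # table header line
    !in_filter { next }
    /^:/ {                                          # chain declaration
      name = substr($1, 2)
      if ($2 == "-") user[name] = 1                 # "-" policy = user chain
      if (name == "INPUT") policy = $2
      next
    }
    /^-A INPUT / { rules[++n] = $0 }
    END {
      print "*filter"
      print ":INPUT " policy " [0:0]"               # carries the source policy
      for (i = 1; i <= n; i++) {
        skip = 0
        k = split(rules[i], f, " ")
        for (j = 1; j < k; j++)
          if ((f[j] == "-j" || f[j] == "-g") && (f[j + 1] in user)) skip = 1
        if (skip) print "skipped: " rules[i] > "/dev/stderr"
        else print rules[i]
      }
      print "COMMIT"
    }'
}
```

On machine A this would be run as "iptables-save | export_input_rules > input.rules". On machine B, loading the file with iptables-restore -n appends the rules without flushing the existing filter table; without -n the table is flushed first.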
Hi there, I tried this guide but it did not keep settings after a reboot. I am using an Asus N56U. Any ideas? Thanks
Asus N56U comes with either default firmware or 3rd party firmware such as DD-WRT. Due to flash module disk size limit these commands may not work on embedded tiny devices. See your firmware documentation for firewall rules.
Worked on CENTOS 6.6 x86_64 virtuozzo, WHM 11.46.2 (build 4) – thank you!