Comments on: How do I save iptables rules or settings? http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/ Every answer asks a more beautiful question. Thu, 18 Mar 2010 20:15:46 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Kirk Steuber http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/comment-page-1/#comment-42243 Kirk Steuber Thu, 25 Jun 2009 17:52:05 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-42243 This solution works well assuming one of two things: Either: 1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel) or 2) You are not using system-config-securitylevel system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule "-I 'RH-Firewall-1-INPUT' 1 -s x.x.x.x -j ACCEPT" where x.x.x.x is an ip address) - system-config-securitylevel does not support filtering by source or destination computer (for some reason) The workaround I found for this is to: 1) create a file called /etc/sysconfig/iptables-custom 2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules 3) edit /etc/init.d/iptables In the start() function there should be a line that says something like this: "$IPTABLES-restore $OPT $IPTABLES_DATA" This means to restore the rules from /etc/sysconfig/iptables BELOW THIS RULE add a line that says "$IPTABLES-restore -n < /etc/sysconfig/iptables-custom" The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file) The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom This solution works well assuming one of two things:
Either:
1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel)
or
2) You are not using system-config-securitylevel

system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule “-I ‘RH-Firewall-1-INPUT’ 1 -s x.x.x.x -j ACCEPT” where x.x.x.x is an ip address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason)

The workaround I found for this is to:
1) create a file called /etc/sysconfig/iptables-custom
2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
3) edit /etc/init.d/iptables
In the start() function there should be a line that says something like this:
“$IPTABLES-restore $OPT $IPTABLES_DATA”
This means to restore the rules from /etc/sysconfig/iptables
BELOW THIS RULE add a line that says
“$IPTABLES-restore -n < /etc/sysconfig/iptables-custom"
The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file)

The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom

]]> By: Hitesh http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/comment-page-1/#comment-40863 Hitesh Mon, 23 Mar 2009 11:38:37 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-40863 Gr8 Man Thanks a lot..... Gr8 Man Thanks a lot…..

]]> By: Joe http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/comment-page-1/#comment-39218 Joe Fri, 14 Nov 2008 00:47:58 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-39218 On Redhat/Fedora, you can do service iptables save And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel. On Redhat/Fedora, you can do

service iptables save

And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.

]]> By: Simon Rostron http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/comment-page-1/#comment-37577 Simon Rostron Thu, 06 Mar 2008 06:42:35 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-37577 Thank you! This helped me out a lot. Thank you! This helped me out a lot.

]]>