Comments on: How Do I Save Iptables Rules or Settings? http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/ Every answer asks a more beautiful question. Fri, 10 Feb 2012 19:55:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Debianerohttp://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-57048 Debianero Mon, 04 Apr 2011 00:49:57 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-57048 <blockquote>If you are using Debian Linux open /etc/network/interfaces...</blockquote> No! in Debian you must save your rules in <pre>/etc/network/if-pre-up.d/iptables</pre> this <pre>#!/bin/bash /sbin/iptables-restore < /etc/iptables.up.rules</pre> That's, of course, if you're using bash and have save the rules in this way <pre>iptables-save > /etc/iptables.up.rules</pre>

If you are using Debian Linux open /etc/network/interfaces…

No! in Debian you must save your rules in

/etc/network/if-pre-up.d/iptables

this

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

That’s, of course, if you’re using bash and have save the rules in this way

iptables-save > /etc/iptables.up.rules
]]> By: S. P.http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-48145 S. P. Wed, 30 Jun 2010 13:10:30 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-48145 Does not work on Ubuntu 8.04 Does not work on Ubuntu 8.04

]]> By: Kirk Steuberhttp://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-42243 Kirk Steuber Thu, 25 Jun 2009 17:52:05 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-42243 This solution works well assuming one of two things: Either: 1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel) or 2) You are not using system-config-securitylevel system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule "-I 'RH-Firewall-1-INPUT' 1 -s x.x.x.x -j ACCEPT" where x.x.x.x is an ip address) - system-config-securitylevel does not support filtering by source or destination computer (for some reason) The workaround I found for this is to: 1) create a file called /etc/sysconfig/iptables-custom 2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules 3) edit /etc/init.d/iptables In the start() function there should be a line that says something like this: "$IPTABLES-restore $OPT $IPTABLES_DATA" This means to restore the rules from /etc/sysconfig/iptables BELOW THIS RULE add a line that says "$IPTABLES-restore -n < /etc/sysconfig/iptables-custom" The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file) The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom This solution works well assuming one of two things:
Either:
1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel)
or
2) You are not using system-config-securitylevel

system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule “-I ‘RH-Firewall-1-INPUT’ 1 -s x.x.x.x -j ACCEPT” where x.x.x.x is an ip address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason)

The workaround I found for this is to:
1) create a file called /etc/sysconfig/iptables-custom
2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
3) edit /etc/init.d/iptables
In the start() function there should be a line that says something like this:
“$IPTABLES-restore $OPT $IPTABLES_DATA”
This means to restore the rules from /etc/sysconfig/iptables
BELOW THIS RULE add a line that says
“$IPTABLES-restore -n < /etc/sysconfig/iptables-custom"
The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file)

The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom

]]> By: Hiteshhttp://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-40863 Hitesh Mon, 23 Mar 2009 11:38:37 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-40863 Gr8 Man Thanks a lot..... Gr8 Man Thanks a lot…..

]]> By: Joehttp://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-39218 Joe Fri, 14 Nov 2008 00:47:58 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-39218 On Redhat/Fedora, you can do service iptables save And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel. On Redhat/Fedora, you can do

service iptables save

And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.

]]> By: Simon Rostronhttp://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/#comment-37577 Simon Rostron Thu, 06 Mar 2008 06:42:35 +0000 http://www.cyberciti.biz/faq/faq/how-do-i-save-iptables-rules-or-settings.php#comment-37577 Thank you! This helped me out a lot. Thank you! This helped me out a lot.

]]>