I am using GUI tool to setup firewall rules for my home computer connected to ADSL (DSL/Cable) network. However, after reboot my rules are not saved. Is there any way I can save and load all firewall rules again?
You need to use the iptables-save command, which is used to dump the contents of an IP Table in easily parseable format to screen. Using I/O-redirection provided by your shell you can save iptables firewall rules to a file.
To restore iptables rules use the iptables-restore command. It is used to restore an IP Tables from data specified from file. Use I/O redirection provided by your shell to read from a file.
Examples: Saving and Restoring Iptables Rules
In this example, save current iptables firewall rules to a file called /root/dsl.fw, enter:
# iptables-save > /root/dsl.fw
To restore iptables rules, enter:
# iptables-restore < /root/dsl.fw
To restore rules automatically upon Linux system reboot add following command to your /etc/rc.local file, enter:
# vi /etc/rc.local
Append the line:
/sbin/iptables-restore < /root/dsl.fw
Save and close the file. Please note that under Red Hat enterprise Linux (RHEL) / CentOS / Fedora Linux you can use following commands to save and restore firewall rules. To Save the rules to /etc/sysconfig/iptables file:
# /etc/init.d/iptables save
To restore the rules from /etc/sysconfig/iptables file:
# /etc/init.d/iptables start
If you are using Debian / Ubuntu Linux open /etc/network/interfaces:
# vi /etc/network/interfaces
Append the line to eth0 section:
post-up iptables-restore
Close and save the file. Reboot the system.
See also:
🐧 16 comments so far... add one ↓
Ubuntu Linux Save / Restore Iptables Rules
How to save iptables firewall rules permanently on Linux
Linux: Iptables List and Show All NAT IPTables Rules Command
How to save existing file to a new file (save as) in…
Where Does Linux Save Wireless Card Settings?
How to list all iptables rules with line numbers on Linux
How to add comments to iptables rules on Linux
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | df • ncdu • pydf |
| File Management | cat • tree |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Thank you! This helped me out a lot.
Does not work on Ubuntu 8.04
On Redhat/Fedora, you can do
service iptables save
And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.
Gr8 Man Thanks a lot…..
This solution works well assuming one of two things:
Either:
1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel)
or
2) You are not using system-config-securitylevel
system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule “-I ‘RH-Firewall-1-INPUT’ 1 -s x.x.x.x -j ACCEPT” where x.x.x.x is an ip address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason)
The workaround I found for this is to:
1) create a file called /etc/sysconfig/iptables-custom
2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
3) edit /etc/init.d/iptables
In the start() function there should be a line that says something like this:
“$IPTABLES-restore $OPT $IPTABLES_DATA”
This means to restore the rules from /etc/sysconfig/iptables
BELOW THIS RULE add a line that says
“$IPTABLES-restore -n < /etc/sysconfig/iptables-custom"
The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file)
The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom
No! in Debian you must save your rules in
this
That’s, of course, if you’re using bash and have save the rules in this way
Debian/Ubuntu has a package named iptables-persistent that handles iptables-restore/iptables-save based on /etc/iptables/rules
A lot more elegant compared to making post interface-up scripts or a custom init script, imho.
hei i want to ask, i setting my iptables on mandriva 2011, and also save it using /sbin/service iptables save. the problem is when my laptop restart the rules is gone, can anyone help me?
see /etc/sysconfig/iptables-config for autosave of rules after firewall or machine restart
I hv a CentOS system and have this same problem. I have input lot to iptables but when it restart, all my iptables INPUT are gone. I was using command “service iptables save”.
I am confused .. so which one I should use for the next time?
# /etc/init.d/iptables save
or
# /sbin/service iptables save
Are those 2 commands same? Which one should I choose so the next time I restart my VPS, my iptables still remain. Please help.
Yes,those are same commands.
I want to export iptables rules from machine A to machine B.
I have dump current iptables rules from machine A with:
$ iptables-save > iptables.rules
But, at the bottom of the file there also attached firewall configuration from the machine A. Do I have just change the “Chain acctboth” configuration on machine B?
Or is there any better way to export iptables rules, I just want to export the INPUT rules.
Thanks.
You could try: iptables-save | grep -e ‘^-A INPUT’ > test.txt
Hi there, I tried this guide but it did not keep settings after a reboot. I am using an Asus N56U. Any ideas? Thanks
Asus N56U comes with either default firmware or 3rd party firmware such as DD-WRT. Due to flash module disk size limit these commands may not work on embedded tiny devices. See your firmware documentation for firewall rules.
Worked on CENTOS 6.6 x86_64 virtuozzo, WHM 11.46.2 (build 4) – thank you!