How Do I Save Iptables Rules or Settings?

I am using GUI tool to setup firewall rules for my home computer connected to ADSL (DSL/Cable) network. However, after reboot my rules are not saved. Is there any way I can save and load all firewall rules again?

You need to use the iptables-save command, which is used to dump the contents of an IP Table in easily parseable format to screen. Using I/O-redirection provided by your shell you can save iptables firewall rules to a file.

To restore iptables rules use the iptables-restore command. It is used to restore an IP Tables from data specified from file. Use I/O redirection provided by your shell to read from a file.

Examples: Saving and Restoring Iptables Rules

In this example, save current iptables firewall rules to a file called /root/dsl.fw, enter:
# iptables-save > /root/dsl.fw
To restore iptables rules, enter:
# iptables-restore < /root/dsl.fw

To restore rules automatically upon Linux system reboot add following command to your /etc/rc.local file, enter:
# vi /etc/rc.local
Append the line:
/sbin/iptables-restore < /root/dsl.fw
Save and close the file. Please note that under Red Hat enterprise Linux (RHEL) / CentOS / Fedora Linux you can use following commands to save and restore firewall rules. To Save the rules to /etc/sysconfig/iptables file:
# /etc/init.d/iptables save
To restore the rules from /etc/sysconfig/iptables file:
# /etc/init.d/iptables start
If you are using Debian / Ubuntu Linux open /etc/network/interfaces:
# vi /etc/network/interfaces
Append the line to eth0 section:
post-up iptables-restore
Close and save the file. Reboot the system.

See also:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 16 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
16 comments… add one
  • Simon Rostron Mar 6, 2008 @ 6:42

    Thank you! This helped me out a lot.

    • S. P. Jun 30, 2010 @ 13:10

      Does not work on Ubuntu 8.04

  • Joe Nov 14, 2008 @ 0:47

    On Redhat/Fedora, you can do

    service iptables save

    And it will write a file in /etc/sysconfig that will be read on startup if the iptables service is enabled in the current runlevel.

  • Hitesh Mar 23, 2009 @ 11:38

    Gr8 Man Thanks a lot…..

  • Kirk Steuber Jun 25, 2009 @ 17:52

    This solution works well assuming one of two things:
    1) You are only using rules that are compatible with the GUI firewall editor (system-config-securitylevel)
    2) You are not using system-config-securitylevel

    system-config-securitylevel rewrites iptables without any lines it does not like (in my case, for example the rule “-I ‘RH-Firewall-1-INPUT’ 1 -s x.x.x.x -j ACCEPT” where x.x.x.x is an ip address) – system-config-securitylevel does not support filtering by source or destination computer (for some reason)

    The workaround I found for this is to:
    1) create a file called /etc/sysconfig/iptables-custom
    2) add the rule to the file. If you need a template for adding rules, look at your /etc/sysconfig/iptables file to see your existing rules
    3) edit /etc/init.d/iptables
    In the start() function there should be a line that says something like this:
    This means to restore the rules from /etc/sysconfig/iptables
    BELOW THIS RULE add a line that says
    “$IPTABLES-restore -n < /etc/sysconfig/iptables-custom"
    The -n option is important. Without it, you would overwrite all other rules and ONLY have the rules in iptables-custom (meaning system-config-securitylevel wouldn't work any more as it would edit an unused file)

    The one thing to keep in mind is that updating/reinstalling iptables will likely rewrite /etc/init.d/iptables, removing the line that adds iptables-custom

  • Debianero Apr 4, 2011 @ 0:49

    If you are using Debian Linux open /etc/network/interfaces…

    No! in Debian you must save your rules in



    /sbin/iptables-restore < /etc/iptables.up.rules

    That’s, of course, if you’re using bash and have save the rules in this way

    iptables-save > /etc/iptables.up.rules
  • Jack Wade Aug 31, 2012 @ 19:43

    Debian/Ubuntu has a package named iptables-persistent that handles iptables-restore/iptables-save based on /etc/iptables/rules

    A lot more elegant compared to making post interface-up scripts or a custom init script, imho.

  • robert Nov 3, 2012 @ 16:06

    hei i want to ask, i setting my iptables on mandriva 2011, and also save it using /sbin/service iptables save. the problem is when my laptop restart the rules is gone, can anyone help me?

  • sachin Dec 6, 2012 @ 13:01

    see /etc/sysconfig/iptables-config for autosave of rules after firewall or machine restart

  • Anton Dec 6, 2012 @ 16:51

    I hv a CentOS system and have this same problem. I have input lot to iptables but when it restart, all my iptables INPUT are gone. I was using command “service iptables save”.

    I am confused .. so which one I should use for the next time?

    # /etc/init.d/iptables save
    # /sbin/service iptables save

    Are those 2 commands same? Which one should I choose so the next time I restart my VPS, my iptables still remain. Please help.

  • Anton Dec 24, 2012 @ 17:32

    I want to export iptables rules from machine A to machine B.

    I have dump current iptables rules from machine A with:
    $ iptables-save > iptables.rules

    But, at the bottom of the file there also attached firewall configuration from the machine A. Do I have just change the “Chain acctboth” configuration on machine B?

    Or is there any better way to export iptables rules, I just want to export the INPUT rules.


    • Gabe Sep 17, 2014 @ 19:04

      You could try: iptables-save | grep -e ‘^-A INPUT’ > test.txt

  • callum Mar 9, 2014 @ 5:25

    Hi there, I tried this guide but it did not keep settings after a reboot. I am using an Asus N56U. Any ideas? Thanks

    • 🐧 Nix Craft Mar 9, 2014 @ 10:34

      Asus N56U comes with either default firmware or 3rd party firmware such as DD-WRT. Due to flash module disk size limit these commands may not work on embedded tiny devices. See your firmware documentation for firewall rules.

  • Rob Jan 27, 2015 @ 15:36

    Worked on CENTOS 6.6 x86_64 virtuozzo, WHM 11.46.2 (build 4) – thank you!

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum