Ubuntu Linux Save / Restore Iptables Rules

I want to make changes to an iptables configuration. How do I save and restore an iptables configuration on an Ubuntu Linux server?

If you want to make changes to an iptables configuration, it is always a good idea to save the current configuration first by typing the following commands:
$ sudo -s
# iptables-save > /root/working.iptables.rules

Now you can make any changes using the command line.


To restore the saved configuration, use the iptables-restore command:
# iptables-restore < /root/working.iptables.rules
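
The save and restore steps above can be wrapped so that a ruleset applied over SSH is rolled back unless it is confirmed from a new session. This is an added example, not code from the original article; the `safe_apply` function, the `IPT_SAVE`/`IPT_RESTORE` override variables and the confirm-file mechanism are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: apply a saved ruleset and roll
# back automatically unless the change is confirmed from a NEW login session.
# IPT_SAVE / IPT_RESTORE are hypothetical overrides so the logic can be
# exercised without root; by default the real tools are used.
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# safe_apply NEW_RULES BACKUP CONFIRM_FILE [TIMEOUT_SECONDS]
# Returns 0 = applied and confirmed, 1 = nothing changed, 2 = rolled back.
safe_apply() {
    new_rules=$1 backup=$2 confirm=$3 timeout=${4:-15}

    rm -f "$confirm"                  # a stale file must not auto-confirm
    # Snapshot the running ruleset; umask keeps the backup owner-only.
    ( umask 077; $IPT_SAVE > "$backup" ) || return 1
    [ -s "$backup" ] || return 1      # no rollback point, so do not continue

    # Parse-only check: --test builds the ruleset but does not commit it.
    if ! $IPT_RESTORE --test < "$new_rules"; then
        echo "syntax check failed, running rules untouched" >&2
        return 1
    fi

    if ! $IPT_RESTORE < "$new_rules"; then
        $IPT_RESTORE < "$backup"
        return 2
    fi

    echo "Applied. From a new SSH session run: touch $confirm (${timeout}s)" >&2
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation arrived: assume a lockout and restore the snapshot.
    $IPT_RESTORE < "$backup"
    return 2
}
```

Run it as root, for example `safe_apply /root/new.rules /root/working.iptables.rules /root/keep-rules 30`, where `/root/new.rules` and `/root/keep-rules` are constructed names. Confirming from a new session checks that new connections are still accepted, which an already-open session cannot show.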

8 comments
  • Michael Jun 24, 2009 @ 14:40

    Thanks for the tip!
    Not only useful for Ubuntu users!

  • Mike Jun 24, 2009 @ 15:23

    Thanks

    Here’s another little tip. If you add a shebang line to the top of the saved iptables file like “#!/usr/bin/env iptables-restore” and make it executable (chmod +x) you can then just execute the saved firewall rules like so ./my-firewall

    • 🐧 nixCraft Jun 24, 2009 @ 15:45

      @Mike, Excellent tip. I never thought about it.

      @Michael, yes it works on all Linux distros.

      Appreciate your posts!

  • Joost Jun 26, 2009 @ 16:08

    Be careful if you change your iptables file remotely (via ssh). A mistake might lock you out.
    In that case it is safer to use iptables-apply. It changes the iptables, but gives you a prompt to confirm the change. If the change locked you out, it will revert to the previous ruleset.
    So change the /root/working.iptables.rules file, and use:

    iptables-apply -t 15 /root/working.iptables.rules

    You have 15 seconds to accept the change.
    Only works on newer versions of iptables (Ubuntu jaunty in my case).

  • budacsik Jul 1, 2009 @ 10:14

    tip:
    iptables auto on/off

    1.)
    Run the next command in a terminal:
    sudo iptables-save > /etc/iptables.rules

    2.) Edit the /etc/network/interfaces file and add these two lines to the interface configuration:
    pre-up iptables-restore /etc/iptables.rules

    To sum up:

    auto eth1
    iface eth1 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255
    pre-up iptables-restore /etc/iptables.rules

    3.) Save and test (reboot)

  • badwolf Jul 10, 2009 @ 12:27

    One other way of safeguarding yourself when you modify iptables via ssh is (before you start fiddling around ;-)) to set a cron job to reset the firewall rules every, say, 15 minutes. That way you only have to wait at most 15 minutes to get back into your machine. Don’t forget to disable the cron job when you are finished. This presumes that you have root/sudo access to be able to set the cron and run iptables-restore as super user.
    Thanks for the info.

  • Salvador Jan 29, 2010 @ 0:17

    budacsik:

    You made a little mistake in the line:
    pre-up iptables-restore /etc/iptables.rules

    it must be:
    pre-up iptables-restore < /etc/iptables.rules

  • budacsik Jan 29, 2010 @ 7:29

    Salvador:
    You are right! Sorry for the mistake.

    (I’m sorry, but I can’t edit it.)
