September 27, 2020

How to save and restore iptables rules


iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

Many network settings in Linux are configured with iptables, for example packet forwarding, port forwarding, permissions or restrictions on network traffic, NAT, and so on. But the kernel keeps this configuration only until the next reboot, so the question arises of how to save and restore the rules without manually typing each rule into a script. The iptables-save and iptables-restore utilities exist for this.

To save the currently active rules, use the iptables-save utility:
iptables-save > /etc/iptables/iptables.rules
This command writes the active configuration to the file /etc/iptables/iptables.rules. iptables-save also has several useful options; to see how to use them, read its man page:
man iptables-save
To restore the iptables rules, simply run the command below:
iptables-restore < /etc/iptables/iptables.rules

iptables-restore also has several useful options; to see how to use them, read its man page:

man iptables-restore
Now it only remains to automate the restore. To do this, run iptables-restore after one of the network interfaces has been brought up: open the network configuration file /etc/network/interfaces and add the restore command to the loopback interface's stanza:
auto lo
iface lo inet loopback
    post-up iptables-restore < /etc/iptables/iptables.rules
Why the loopback interface? Because it is brought up almost always and under any conditions, so we can be sure that the rule restore will actually run. Sometimes, though, you need to load iptables rules when a particular interface starts or stops; that depends on your configuration and goals.
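As an added example, not part of the original post, the save and restore steps above and the post-up hook can be wrapped in one small POSIX sh script that checks a rules file before the live firewall is touched. It assumes the same /etc/iptables/iptables.rules path as the post (overridable through a RULES_FILE variable introduced here), root privileges, and an iptables-restore that understands the --test option; check_rules_file and sample_dump are helpers written for this example, and the sample dump is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper around the
# iptables-save / iptables-restore procedure described above, with two
# safety checks in front of the live firewall.
#
# Assumptions (not taken from the post): rules live at
# /etc/iptables/iptables.rules unless RULES_FILE overrides it, and the
# script runs as root, which iptables-save and iptables-restore require.

RULES_FILE="${RULES_FILE:-/etc/iptables/iptables.rules}"

# check_rules_file FILE
# Structural check of an iptables-save dump, written in plain awk so it
# works even where iptables is not installed. Succeeds (exit 0) only if the
# file holds at least one "*table" block, every block ends with COMMIT, and
# every other line is a comment, a ":CHAIN POLICY [pkts:bytes]" line or a
# "-A ..." rule. A truncated dump (disk full during save) fails this check.
check_rules_file() {
    awk '
        /^\*/               { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT$/          { if (!open) bad = 1; open = 0; next }
        /^#/ || /^[ \t]*$/  { next }
        /^:/ || /^-/        { if (!open) bad = 1; next }
                            { bad = 1 }
        END { if (bad || open || tables == 0) exit 1; exit 0 }
    ' "$1"
}

# save_rules
# Dump the active ruleset to a temp file, verify it, then rename it into
# place. The rename is atomic, so a reboot mid-save never leaves a partial
# rules file for post-up to load; the file is root-only because a rules
# dump reveals the whole firewall policy.
save_rules() {
    tmp=$(mktemp "${RULES_FILE}.XXXXXX") || return 1
    if iptables-save > "$tmp" && check_rules_file "$tmp"; then
        chmod 0600 "$tmp" && mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        echo "save failed; $RULES_FILE left unchanged" >&2
        return 1
    fi
}

# restore_rules
# Run the structural check, then "iptables-restore --test", which parses
# and builds the ruleset without committing it, and only then load it.
restore_rules() {
    check_rules_file "$RULES_FILE" || { echo "malformed: $RULES_FILE" >&2; return 1; }
    iptables-restore --test < "$RULES_FILE" || { echo "rejected by iptables-restore --test" >&2; return 1; }
    iptables-restore < "$RULES_FILE"
}

# sample_dump GOOD|TRUNCATED
# Constructed sample in iptables-save format, used to exercise
# check_rules_file; TRUNCATED mimics a save that was cut off before COMMIT.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample, not a real dump)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
    [ "$1" = TRUNCATED ] || echo COMMIT
}

case "$1" in
    save)    save_rules ;;
    restore) restore_rules ;;
    check)   check_rules_file "${2:-$RULES_FILE}" && echo "ok: ${2:-$RULES_FILE}" ;;
    *)       echo "usage: $0 save|restore|check [FILE]" >&2 ;;
esac
```

Installed as, say, /usr/local/sbin/iptables-rules (an assumed path), the loopback stanza's hook becomes `post-up /usr/local/sbin/iptables-rules restore`, so a corrupt or half-written rules file is reported at boot instead of the host silently coming up with its default, rule-less policy. This covers IPv4 only: ip6tables keeps a separate ruleset and needs the same treatment with ip6tables-save and ip6tables-restore.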
Suggestion: You should view the Common Firewall Rules and Commands here.