What is the default configuration file for IPTables and where is it located – Linux

It’s a simple but very useful thing to know. I have already posted the basics of IPTables in Linux; you may check that post for more details: >> IPTables basics <<

The iptables rules are saved in the file “/etc/sysconfig/iptables” on Linux systems that use the /etc/sysconfig layout (Red Hat and its derivatives); this is the file the iptables init script loads on start. You can view or edit the iptables rules in this file. See the sample entries:

root@<host> [~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Fri May  2 00:54:58 2014
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [7:636]
:OUTPUT ACCEPT [7:636]
COMMIT
# Completed on Fri May  2 00:54:58 2014
# Generated by iptables-save v1.4.7 on Fri May  2 00:54:58 2014
*mangle
:PREROUTING ACCEPT [890360:501351591]
:INPUT ACCEPT [890360:501351591]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [876347:125010352]
:POSTROUTING ACCEPT [847830:121738569]
COMMIT
# Completed on Fri May  2 00:54:58 2014
# Generated by iptables-save v1.4.7 on Fri May  2 00:54:58 2014
*filter
:INPUT ACCEPT [4:304]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:496]
:acctboth - [0:0]
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
-A INPUT -j acctboth
-A OUTPUT -j acctboth
-A acctboth -s IP.ADD.RESS/32 ! -i lo -p tcp -m tcp --dport 80
-A acctboth -d IP.ADD.RESS/32 ! -i lo -p tcp -m tcp --sport 80
-A acctboth -s IP.ADD.RESS/32 ! -i lo -p tcp -m tcp --dport 25
-A acctboth -d IP.ADD.RESS/32 ! -i lo -p tcp -m tcp --sport 25
-A acctboth ! -i lo
COMMIT
# Completed on Fri May  2 00:54:58 2014
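As an added example that is not part of the original post, here is a small Python parser for the iptables-save format shown above. It splits the dump into *table ... COMMIT blocks, records each chain's policy and counters, and then lists the built-in filter chains whose policy is ACCEPT, which is worth checking because any packet that no rule matches is let through there. The sample dump is constructed from the listing above, with 192.0.2.10 standing in for the masked IP.ADD.RESS.

```python
import re

# Constructed sample in the iptables-save format shown above; 192.0.2.10 stands in for the real address.
SAMPLE = """# Generated by iptables-save v1.4.7 on Fri May  2 00:54:58 2014
*nat
:PREROUTING ACCEPT [1:60]
COMMIT
*filter
:INPUT ACCEPT [4:304]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:496]
:acctboth - [0:0]
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
-A INPUT -j acctboth
-A OUTPUT -j acctboth
-A acctboth -s 192.0.2.10/32 ! -i lo -p tcp -m tcp --dport 80
-A acctboth ! -i lo
COMMIT
# Completed on Fri May  2 00:54:58 2014
"""

CHAIN_RE = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")

def parse_iptables_save(text):
    """Return {table: {"chains": {name: {policy, packets, bytes}}, "rules": [...]}}."""
    tables, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # "Generated by" / "Completed on" comments carry no rules
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":
            current = None  # table closed; this is where iptables-restore applies it
        elif current is None:
            raise ValueError("line outside a *table ... COMMIT block: " + line)
        elif line.startswith(":"):
            if not (m := CHAIN_RE.match(line)):
                raise ValueError("malformed chain line: " + line)
            name, policy, pkts, byts = m.groups()
            # Built-in chains carry a policy; user-defined ones such as acctboth show "-".
            current["chains"][name] = {"policy": None if policy == "-" else policy,
                                       "packets": int(pkts), "bytes": int(byts)}
        else:
            current["rules"].append(line)
    return tables

def accept_by_default(tables):
    """Built-in filter chains whose policy is ACCEPT, so unmatched traffic is let through."""
    chains = tables.get("filter", {"chains": {}})["chains"]
    return sorted(name for name, c in chains.items() if c["policy"] == "ACCEPT")
```

On the sample above all three built-in filter chains are reported, which matches the listing: only the acctboth accounting rules and one port range are defined, and everything else is accepted by policy.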

There is one more configuration file, ‘/etc/sysconfig/iptables-config’, which controls the behaviour of the iptables init script. Quite a few things can be set in this file. The important directives in ‘/etc/sysconfig/iptables-config’ are:

1, IPTABLES_MODULES

Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which are loaded after the firewall rules are applied. Options for the helpers are stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

2, IPTABLES_MODULES_UNLOAD

Unload modules on restart and stop
Value: yes|no,  default: yes
This option has to be 'yes' to get to a sane state for a firewall restart or stop. Only set to 'no' if there are problems unloading netfilter modules.
IPTABLES_MODULES_UNLOAD="yes"

3, IPTABLES_SAVE_ON_STOP

Save current firewall rules on stop.
Value: yes|no,  default: no
Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

4, IPTABLES_SAVE_ON_RESTART

Save current firewall rules on restart.
Value: yes|no,  default: no
Saves all firewall rules to /etc/sysconfig/iptables if firewall gets restarted.
IPTABLES_SAVE_ON_RESTART="no"

5, IPTABLES_SAVE_COUNTER

Save (and restore) rule and chain counter.
Value: yes|no,  default: no
Save counters for rules and chains to /etc/sysconfig/iptables if 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

6, IPTABLES_STATUS_NUMERIC

Numeric status output
Value: yes|no,  default: yes
Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

7, IPTABLES_STATUS_VERBOSE

Verbose status output
Value: yes|no,  default: yes
Print info about the number of packets and bytes plus the input and output device in the status output.
IPTABLES_STATUS_VERBOSE="no"

8, IPTABLES_STATUS_LINENUMBERS

Status output with numbered lines
Value: yes|no,  default: yes
Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

9, IPTABLES_SYSCTL_LOAD_LIST

Reload sysctl settings on start and restart
Default: -none-
Space separated list of sysctl items which are to be reloaded on start. List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"

That’s it!


Arunlal Ashok

Linux Server Administrator. I have been dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check my profile on uPwork (oDesk) and let me know if you need any assistance. Thanks!!
