How to save/backup existing iptables rules to a file – Iptables commands

Iptables rules play an important role in server administration. Here is an example that shows how to back up the iptables rules to a text file and how to restore them into iptables afterwards.

Command to list the existing/current rules in iptables.
[Plain “iptables -L” will list all existing rules, but the command below gives you a more detailed list.]

>> iptables -L -nv --line-number 
Switches:
L -> List rules
n -> numeric output (IP addresses and port numbers instead of resolved names)
v -> verbose mode
--line-number -> List rules with their rule number

Example:

[[email protected]]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination

How to save the current iptables rules?
iptables has two commands to manage backup and restoration of the current/existing rules. This is very useful if you want to back up the current iptables rules before making a change to them. If anything goes wrong while editing the iptables rules, you can simply restore the backup and bring iptables back to a working state.

1. iptables-save (Save current/existing rules to a file)
2. iptables-restore (Restore back the saved rules from the file)

Usage with example:
“iptables-save”
You can save the current rules by running “iptables-save” and redirecting its output to the file in which the rules should be kept.
Check the current/existing rules with the command mentioned above and save them before editing, so that you have something to fall back on.
Syntax:
Step 1:

iptables -L -nv --line-number

Step 2:

iptables-save > savedrules.txt   [">" to save rules]

Step 3:

cat savedrules.txt

Example:

[[email protected]]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination
[[email protected] ~]# cat savedrules.txt
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*mangle
:PREROUTING ACCEPT [16586:1618694]
:INPUT ACCEPT [16586:1618694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18957:2978114]
:POSTROUTING ACCEPT [18957:2978114]
COMMIT
# Completed on Thu Dec 5 07:40:26 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*filter
:INPUT ACCEPT [157:11076]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:18840]
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT
# Completed on Thu Dec 5 07:40:27 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:27 2013
*nat
:PREROUTING ACCEPT [1695:100150]
:POSTROUTING ACCEPT [1626:121319]
:OUTPUT ACCEPT [1626:121319]
COMMIT
# Completed on Thu Dec 5 07:40:27 2013

How to restore the saved iptables rules from the file?
“iptables-restore” is the command that restores your saved rules. You can restore them by running the following command:

iptables-restore < savedrules.txt 

Example:
To test this, first flush all rules from iptables and then restore them from the saved file.

Step 1:

[[email protected] ~]# iptables -F
[[email protected] ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 20 packets, 1476 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 1812 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Restoring the old rules from the saved file.

Step 2:
[[email protected] ~]# iptables-restore < savedrules.txt  ["<" to restore rules]

Testing:

[[email protected] ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 6 packets, 396 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 572 bytes)
num   pkts bytes target     prot opt in     out     source               destination

That’s it.
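As an added example (not from the original post), here is a small sh/awk check that verifies a saved rules file has the structure iptables-restore expects before you feed it back: every *table block is closed by COMMIT, only the line types iptables-save emits appear, and it reports the rule count per table. The sample file contents, the function names check_dump and rule_count, and the 192.0.2.10 address are constructed for this example.

```shell
#!/bin/sh
# Sanity-check a saved iptables ruleset before handing it to iptables-restore.
# Added example, not from the original post; uses only sh + awk, so it runs
# without iptables. Layout mirrors savedrules.txt: "*table", ":CHAIN POLICY
# [pkts:bytes]" lines, "-A ..." rules, then "COMMIT".
# Constructed sample dump (addresses are documentation placeholders).
SAMPLE_DUMP=$(mktemp)
trap 'rm -f "$SAMPLE_DUMP"' EXIT
cat >"$SAMPLE_DUMP" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [157:11076]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:18840]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
EOF

# check_dump FILE: returns 0 when every "*table" block is closed by COMMIT and
# every non-comment line is one of the forms iptables-save emits; 1 otherwise.
check_dump() {
    awk '
        /^#/ || /^[ \t]*$/ { next }                      # comments and blank lines
        /^\*[a-z]+$/ { if (open) bad++; open = 1; next } # new table; previous one unclosed?
        /^COMMIT$/   { if (!open) bad++; open = 0; next }
        /^:[^ ]+ [A-Z-]+ \[[0-9]+:[0-9]+\]$/ { if (!open) bad++; next } # chain, policy, counters
        /^-A /       { if (!open) bad++; next }          # appended rule
        { bad++ }                                        # anything else: refuse the file
        END { if (bad || open) exit 1; exit 0 }
    ' "$1"
}

# rule_count FILE TABLE: number of -A rules inside the named table block.
rule_count() {
    awk -v t="*$2" '
        $0 == t        { in_t = 1; next }
        /^COMMIT$/     { in_t = 0 }
        in_t && /^-A / { n++ }
        END { print n + 0 }
    ' "$1"
}

if check_dump "$SAMPLE_DUMP"; then
    echo "ok: $(rule_count "$SAMPLE_DUMP" filter) filter rules, $(rule_count "$SAMPLE_DUMP" nat) nat rules"
else
    echo "refusing to restore: malformed dump" >&2
fi
```

iptables-restore replaces the contents of every table named in the file (pass -n/--noflush to keep the rules already loaded), while tables absent from the file are left untouched. Neither iptables-save nor iptables-restore makes the rules survive a reboot on its own; that needs the distribution's persistence mechanism.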


Arunlal Ashok