How to save/backup existing iptables rules to a file – Iptables commands

Introduction

Iptables rules play an important role in server administration: they are one of the main tools for securing a server. If you maintain the iptables configuration file (/etc/sysconfig/iptables on RHEL/CentOS) in a repository you already have a copy of the intended ruleset, but a snapshot of the rules that are actually loaded in the kernel is still useful, most of all right before you change them.

Here is an example of how to back up the existing iptables rules to a text file and how to restore them from it. With such a backup you can roll back in one command if an edit goes wrong.

If you are a newbie on iptables, please go through this guide to get a better idea on Linux iptables. This will help you to get an idea about the basics of iptables in Linux.

What is iptables in Linux? Introduction to iptables!

Note: For IPv6 rules use ip6tables, ip6tables-save and ip6tables-restore instead; ip6tables keeps a ruleset separate from iptables. The examples in this post only cover IPv4 rules.

Command to list existing/current rules in iptables.

“iptables -L” on its own lists the rules, but the form below gives a more useful view: numeric addresses and ports, packet/byte counters, interfaces and the position of each rule in its chain. Keep in mind that it only shows the filter table; add “-t nat” (or -t mangle, -t raw) to see the others. Also read the policy in each chain header: in the example below every chain's policy is ACCEPT and the only rules are ACCEPT rules, so this ruleset does not actually block anything yet. Packets that match no rule fall through to the policy.

# iptables -L -nv --line-number

Switches:
-L -> list the rules of every chain (in the filter table unless -t names another)
-n -> numeric output: do not resolve addresses and ports to host and service names (faster, and no DNS traffic)
-v -> verbose: show packet/byte counters and the in/out interfaces
--line-numbers -> prefix each rule with its position in the chain (the abbreviation --line-number used here is accepted too)

Example

[root@server]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination

How to save current iptables rules to a text file?

Iptables ships with two commands for backing up and restoring the live ruleset. Take a backup before every change: if something goes wrong while editing the rules you can restore the backup and have a working firewall again in one command. Unlike “iptables -L”, iptables-save writes every table that is in use (filter, nat, mangle, and raw/security where loaded), together with the default policy of each chain.

1. iptables-save (write the current rules, all tables, to standard output)
2. iptables-restore (read a saved ruleset from standard input and load it)

Usage with example

“iptables-save”

iptables-save prints the ruleset to standard output, so redirect it into a file to keep a copy. List the current rules with the command above, save them, and only then start editing. Two things to keep in mind: the file reveals which addresses are allowed through, so keep it readable by root only (it is created with your current umask, so set a restrictive umask first or chmod the file afterwards), and per-rule packet/byte counters are only included if you pass -c.

Syntax

Step 1:

iptables -L -nv --line-number

Step 2:

iptables-save > savedrules.txt   [">" to save rules]

Step 3:

cat savedrules.txt

Example

[root@server]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination
[root@server ~]# iptables-save > savedrules.txt
[root@server ~]# cat savedrules.txt
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*mangle
:PREROUTING ACCEPT [16586:1618694]
:INPUT ACCEPT [16586:1618694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18957:2978114]
:POSTROUTING ACCEPT [18957:2978114]
COMMIT
# Completed on Thu Dec 5 07:40:26 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*filter
:INPUT ACCEPT [157:11076]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:18840]
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT
# Completed on Thu Dec 5 07:40:27 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:27 2013
*nat
:PREROUTING ACCEPT [1695:100150]
:POSTROUTING ACCEPT [1626:121319]
:OUTPUT ACCEPT [1626:121319]
COMMIT
# Completed on Thu Dec 5 07:40:27 2013

How to restore the saved iptables rules from the file?

“iptables-restore” reads a saved ruleset from standard input and loads it. For each table in the file it flushes the existing rules and replaces them with the file's contents, including the chain policies from the “:CHAIN POLICY” lines; a table is committed as a unit, so a table whose rules fail to parse is not loaded and its running rules stay as they were. Pass -n (--noflush) to add the file's rules to the existing ones instead of replacing them, -c to restore the packet/byte counters as well, and -t (--test) to parse the file without loading it, a cheap check before restoring on a production box. Restore with:

iptables-restore < savedrules.txt

Example:

To test this, first flush the rules and then restore them from the saved file. A few caveats about the flush: “iptables -F” removes the rules of the filter table only (use -t for nat or mangle), it does not delete user-defined chains (that is -X), and it does not touch the chain policies. The last point matters over a remote session: flushing a ruleset whose INPUT policy is DROP leaves nothing that accepts your SSH traffic and locks you out. It is harmless in this example only because the policy is ACCEPT.

Step 1:

[root@server ~]# iptables -F
[root@server ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 20 packets, 1476 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 1812 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Restoring the old rules from the saved file.

Step 2:

[root@server ~]# iptables-restore < savedrules.txt  ["<" to restore rules]

Testing:

[root@server ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 6 packets, 396 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 572 bytes)
num   pkts bytes target     prot opt in     out     source               destination

That’s it. One last point: a restore only changes the running ruleset and does not survive a reboot. On RHEL/CentOS, “service iptables save” writes the running rules to /etc/sysconfig/iptables (the file mentioned in the introduction), which the iptables init script loads at boot; that file is in the same iptables-save format, so a backup made as above can also be copied there by hand.
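To verify that a restore gave back exactly the ruleset you saved, or to see what an edit changed before deciding whether to roll it back, it is better to compare dumps than to eyeball “iptables -L” output. The script below is an added example written for this post, not code from the original article or from the iptables project. It parses the iptables-save format shown above (tables, chain policies, rules), lists the differences between two dumps while ignoring the counters, flags filter chains whose policy is ACCEPT with no DROP/REJECT rule (the state the listing above is in), and rejects a file that is missing a COMMIT. It works on text only, so it runs without root and without iptables installed; BACKUP and AFTER_CHANGE are constructed samples, and 203.0.113.10 is a documentation address standing in for the xx.xx.xx.xx above.

```python
import re

# Constructed sample in the iptables-save format of the post's savedrules.txt.
BACKUP = """\
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*filter
:INPUT ACCEPT [157:11076]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:18840]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [1695:100150]
:POSTROUTING ACCEPT [1626:121319]
:OUTPUT ACCEPT [1626:121319]
COMMIT
"""
# Constructed dump after an edit, taken with "iptables-save -t filter": INPUT now
# defaults to DROP, SMTP is gone, HTTPS was added, and nat was not dumped at all.
AFTER_CHANGE = """\
*filter
:INPUT DROP [3:180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1200]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

_TABLE = re.compile(r"^\*(\w+)$")                      # *filter
_CHAIN = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")   # :INPUT ACCEPT [pkts:bytes]
_COUNTERS = re.compile(r"^\[\d+:\d+\]\s*")              # rule prefix in dumps made with -c

def parse_dump(text):
    """Return {table: {"policy": {chain: policy}, "rules": [rule, ...]}}.
    Counters are dropped (they differ between dumps of the same ruleset); the
    structural faults that iptables-restore rejects raise ValueError."""
    tables, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _COUNTERS.sub("", raw.strip())
        if not line or line.startswith("#"):
            continue
        m = _TABLE.match(line)
        if m:
            if current is not None:
                raise ValueError("line %d: *%s opened before COMMIT" % (lineno, m.group(1)))
            current = m.group(1)
            tables[current] = {"policy": {}, "rules": []}
            continue
        if current is None:
            raise ValueError("line %d: %r outside any table" % (lineno, line))
        if line == "COMMIT":
            current = None
            continue
        m = _CHAIN.match(line)
        if m:                                   # policy is "-" for user-defined chains
            tables[current]["policy"][m.group(1)] = m.group(2)
        elif line.startswith("-A "):
            tables[current]["rules"].append(line)
        else:
            raise ValueError("line %d: unrecognised line %r" % (lineno, line))
    if current is not None:
        raise ValueError("table *%s has no COMMIT" % current)
    return tables

def diff_dumps(old, new):
    """List the differences between two parsed dumps; [] means they match.
    Rule order matters (first match wins), so a reordering is reported too."""
    changes = []
    for table in sorted(set(old) | set(new)):
        if table not in old or table not in new:
            changes.append("table %s only in %s dump" % (table, "old" if table in old else "new"))
            continue
        o, n = old[table], new[table]
        for chain in sorted(set(o["policy"]) | set(n["policy"])):
            if o["policy"].get(chain) != n["policy"].get(chain):
                changes.append("%s/%s policy %s -> %s" % (table, chain, o["policy"].get(chain), n["policy"].get(chain)))
        changes += ["%s removed: %s" % (table, r) for r in o["rules"] if r not in n["rules"]]
        changes += ["%s added: %s" % (table, r) for r in n["rules"] if r not in o["rules"]]
        if o["rules"] != n["rules"] and sorted(o["rules"]) == sorted(n["rules"]):
            changes.append("%s rules reordered" % table)
    return changes

def open_chains(tables):
    """Filter chains with policy ACCEPT and no DROP/REJECT rule: every packet gets
    through, so per-port ACCEPT rules there (as in the post's listing) restrict nothing."""
    filt = tables.get("filter", {"policy": {}, "rules": []})
    return sorted(chain for chain, policy in filt["policy"].items()
                  if policy == "ACCEPT" and not any(
                      r.startswith("-A %s " % chain) and re.search(r"-j (DROP|REJECT)\b", r)
                      for r in filt["rules"]))

if __name__ == "__main__":
    old, new = parse_dump(BACKUP), parse_dump(AFTER_CHANGE)
    print("accept-all chains in backup:", ", ".join(open_chains(old)))
    print("\n".join(diff_dumps(old, new)))
```

On a real server, replace the two samples with the contents of files written by “iptables-save > file”, for instance the pre-change backup and a fresh dump taken right after iptables-restore: an empty change list means the restore was exact, and a “table ... only in old dump” line means a table was lost, as happens when one dump was made with -t and the other without.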

Related topics:
1. What is iptables in Linux ?
2. How to allow/block PING on Linux server – IPTables rules for icmp


Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

10 thoughts on “How to save/backup existing iptables rules to a file – Iptables commands”

  1. Hello Dear Arunlal Ashok.
    Thank you for your simple, straightforward and valuable tips and guides on Linux administration shared with all. I have started Linux administration and have a business plan for the early future this year. I hope you would help me to improve my skills.
    Best Regards

  2. I liked your explanation. In my environment we have Red Hat Linux, Oracle Linux and a few Solaris 11 systems. We need centralized user access/authentication management; please advise which tool is best among those available on the market.

  3. It is good. I need your help on an issue.

    In our environment we have Oracle Linux and Red Hat Linux and a few Solaris 11 (96% of them are VMware VMs).
    We have to set up centralized user access management for all users on all servers; please advise what tools are available to achieve this and which one is best to go with.
