How to save/backup existing iptables rules to a file – Iptables commands

Iptables and its rules play an important role in server administration. Here is an example that shows how to back up the existing iptables rules to a text file and how to restore them into iptables later. If you are new to iptables, please go through this guide first to get a better idea of Linux iptables:

What is iptables in Linux? Introduction to iptables!

Command to list the existing/current rules in iptables.

Executing “iptables -L” lists all existing rules. The command below gives a more detailed listing of the rules currently in your server firewall, with numeric addresses, packet counters and rule numbers:

# iptables -L -nv --line-number 

Switches:
-L -> List the rules in every chain
-n -> Numeric output: addresses and ports are shown as numbers instead of being resolved to host and service names
-v -> Verbose mode (packet/byte counters and interface names)
--line-number -> Prefix each rule with its rule number (the full option name is --line-numbers; iptables accepts the unambiguous abbreviation)

Example

[root@server]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination

How to save current iptables rules to a text file?

Iptables ships two commands for backing up and restoring the current/existing rules. They are very useful when you want a backup of the current iptables rules before making any changes: if anything goes wrong while editing the rules, you can simply restore the backup and bring iptables back to a working state.

1. iptables-save (Save current/existing rules to a file)
2. iptables-restore (Restore back the saved rules from the file)

Usage with example:

“iptables-save”

You can save the current rules by executing the command “iptables-save” and redirecting its output to a file. Check the current/existing rules with the command above and save them before doing anything with the rules. It’s for safety!

Syntax

Step 1:

iptables -L -nv --line-number

Step 2:

iptables-save > savedrules.txt   [">" redirects the output into the file]

Step 3:

cat savedrules.txt

Example:

[root@server]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 80 packets, 5562 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 60 packets, 10834 bytes)
num   pkts bytes target     prot opt in     out     source               destination
[root@server ~]# cat savedrules.txt
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*mangle
:PREROUTING ACCEPT [16586:1618694]
:INPUT ACCEPT [16586:1618694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18957:2978114]
:POSTROUTING ACCEPT [18957:2978114]
COMMIT
# Completed on Thu Dec 5 07:40:26 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:26 2013
*filter
:INPUT ACCEPT [157:11076]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [114:18840]
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT
# Completed on Thu Dec 5 07:40:27 2013
# Generated by iptables-save v1.4.7 on Thu Dec 5 07:40:27 2013
*nat
:PREROUTING ACCEPT [1695:100150]
:POSTROUTING ACCEPT [1626:121319]
:OUTPUT ACCEPT [1626:121319]
COMMIT
# Completed on Thu Dec 5 07:40:27 2013

How to restore the saved iptables rules from the file?

“iptables-restore” is the command to restore your saved rules. Run it with the saved file as its standard input:

iptables-restore < savedrules.txt 

Example:

To test this, first flush all rules from iptables and then restore them from the saved file. Note that "iptables -F" removes the rules in the filter table but leaves the chain policies untouched, so a default policy of DROP would survive the flush.

Step 1:

[root@server ~]# iptables -F
[root@server ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 20 packets, 1476 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 1812 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Restoring the old rules from the saved file.

Step 2:
[root@server ~]# iptables-restore < savedrules.txt  ["<" feeds the file to the command]

Testing:

[root@server ~]# iptables -L -nv --line-number
Chain INPUT (policy ACCEPT 6 packets, 396 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:25
3        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:110
5        0     0 ACCEPT     tcp  --  *      *       xx.xx.xx.xx         0.0.0.0/0           tcp dpt:143

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 572 bytes)
num   pkts bytes target     prot opt in     out     source               destination

That’s it.

Related topics:
1. What is iptables in Linux ?
2. How to allow/block PING on Linux server – IPTables rules for icmp

Arunlal Ashok

Sr. Linux Server Administrator. I have been managing Linux servers since 2012. I started this blog to share and discuss my ideas. Check my profile on Upwork (oDesk) and create a job if you need any administration help. Thanks!!


2 Responses

  1. Mohammad Shahidi says:

    Hello Dear Arunlal Ashok.
    Thank you for your simple, straightforward and valuable tips and guides on Linux administration, shared with all. I have started Linux administration and have a business plan for early this year. I hope you would help me to improve my skills.
    Best Regards
