Begin Linux Blog

Linux Distro Releases and News

«
»

Saving Changes for iptables

Posted by beginlinux on May 26, 2009

Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.

The output can be redirected to a file.

# iptables-save > /root/firewall-rules
The following command line restores all rules from /root/firewall-rules assuming that the file /root/firewall-rules exists.

# iptables-restore < /root/firewall-rules

By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or –noflush option.

Save Your Firewall and Load on Restart
You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be ‘yes’ to get to a sane state for a firewall
# restart or stop. Only set to ‘no’ if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD=”yes”

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP=”yes”

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART=”yes”

iptables Configuration Files

CentOS and other Red Hat based distributions set iptables rules in /etc/sysconfig/iptables, which may be generated by redirecting the output of iptables-save as follows.

# iptables-save > /etc/sysconfig/iptables
The rules are automatically restored by the script /etc/init.d/iptables at startup. No modification to /etc/init.d/iptables is required.

Note that Red Hat based distributions place iptables and related executables in /sbin, not in /usr/sbin.

iptables is not a daemon but it does load rules into memory. This means that rules will not be persistent over a restart. However, if you do the save command it will save the currently loaded rules into a file called: /etc/sysconfig/iptables

service iptables save

This entry was posted on May 26, 2009 at 8:55 am and is filed under Desktop User. Tagged: , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Saving Changes for iptables”

  1. HowtoMatrix » Saving Changes for iptables said

    May 31, 2009 at 2:35 pm

    [...] Read more at Begin Linux Blog [...]

  2. VPS said

    June 1, 2009 at 11:14 pm

    I was looking for iptables rules. That’s really very nice article. Thanks for your helping!

  3. Stop Dreaming Start Action » Blog Archive » Saving Changes for iptables « Begin Linux Blog said

    June 30, 2009 at 12:22 am

    [...] Continued here: Saving Changes for iptables « Begin Linux Blog [...]

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»