Home > Desktop User > Saving Changes for iptables

Saving Changes for iptables

Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.

The output can be redirected to a file.

# iptables-save > /root/firewall-rules
The following command line restores all rules from /root/firewall-rules assuming that the file /root/firewall-rules exists.

# iptables-restore < /root/firewall-rules

By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or –noflush option.

Save Your Firewall and Load on Restart

You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be ‘yes’ to get to a sane state for a firewall
# restart or stop. Only set to ‘no’ if there are problems unloading netfilter
# modules.

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.

iptables Configuration Files

CentOS and other Red Hat based distributions set iptables rules in /etc/sysconfig/iptables, which may be generated by redirecting the output of iptables-save as follows.

# iptables-save > /etc/sysconfig/iptables
The rules are automatically restored by the script /etc/init.d/iptables at startup. No modification to /etc/init.d/iptables is required.

Note that Red Hat based distributions place iptables and related executables in /sbin, not in /usr/sbin.

iptables is not a daemon but it does load rules into memory. This means that rules will not be persistent over a restart. However, if you do the save command it will save the currently loaded rules into a file called: /etc/sysconfig/iptables

service iptables save

About these ads
  1. VPS
    June 1, 2009 at 11:14 pm

    I was looking for iptables rules. That’s really very nice article. Thanks for your helping!

  2. December 30, 2009 at 5:19 am

    thank you for this article. Ive looked at the end.

  1. May 31, 2009 at 2:35 pm
  2. June 30, 2009 at 12:22 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 55 other followers

%d bloggers like this: