Overview
`iptables-restore` reads `iptables` rules from standard input or a file generated by the `iptables-save` command and applies them to the kernel's `netfilter` tables. This method is highly effective for applying a large set of rules quickly and consistently. It is frequently used in scripts to automatically load previously saved firewall configurations upon system reboot.
Key Features
- Batch application of saved `iptables` rules
- Restoration of firewall configurations after system reboot
- More efficient than manually adding individual rules
Key Options
Here are the main options that can be used with the `iptables-restore` command.
General Options
Usage Examples
Here are practical examples of using the `iptables-restore` command.
Restore iptables Rules from a File
sudo iptables-restore < /etc/iptables/rules.v4
Restores IPv4 firewall rules from the `rules.v4` file saved by `iptables-save`.
Restore Rules from Standard Input (Using Pipe)
sudo iptables-save | sudo iptables-restore
Pipes the output of `iptables-save` directly into `iptables-restore`, reloading the rules that are currently active. This is mainly useful for backing up and immediately restoring rules.
Restore Only a Specific Table
sudo iptables-restore -T nat < /etc/iptables/nat_rules.v4
Restores only the rules corresponding to the `nat` table from a saved file.
Restore Rules Including Counters
sudo iptables-restore -c < /etc/iptables/rules.v4
Restores rules along with packet and byte counter information. This is particularly useful for accurately restoring the previous state after a system reboot.
Installation
`iptables-restore` is part of the `iptables` package and is typically installed by default on most Linux distributions. If it is not installed on your system, you can install it using the following commands.
Debian/Ubuntu
sudo apt update && sudo apt install iptables
Command to install the `iptables` package on Debian or Ubuntu-based systems.
CentOS/RHEL/Fedora
sudo yum install iptables-services
# Or for newer Fedora/RHEL 8+ versions:
sudo dnf install iptables-services
Commands to install the `iptables-services` package on CentOS, RHEL, or Fedora-based systems.
Tips & Precautions
When using `iptables-restore`, it is crucial to fully understand its impact on your current firewall configuration and proceed with caution. Incorrect rule restoration can lead to network connectivity loss or security vulnerabilities.
Important Tips
- **Backup is Essential:** Always back up your current rules before restoring using the command `sudo iptables-save > /path/to/backup_rules.v4`.
- **Utilize Test Environments:** Always thoroughly test your rules in a test environment before applying them to critical production systems.
- **Caution with `-n` Option:** The `-n` (`--noflush`) option adds new rules without clearing existing ones, which can lead to unintended rule duplication or conflicts. Generally, it is safer to completely replace existing rules.
- **IPv6 Rules:** For IPv6 firewall rules, you must use the `ip6tables-restore` command.
- **Consider nftables Transition:** In modern Linux distributions, `nftables` is increasingly used as the default firewall framework instead of `iptables`. On systems using `nftables`, consider loading a saved ruleset with `nft -f <file>` instead of `iptables-restore`.
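
The backup and test-before-replace advice above, combined into one script (an added example, not from the original page). `safe_restore`, `IPT_SAVE` and `IPT_RESTORE` are names chosen for this example; the two variables default to the real tools and exist so the logic can be exercised with stand-ins.

```shell
#!/bin/sh
# Added example: back up, validate, apply, roll back. Run as root.
# IPT_SAVE / IPT_RESTORE are assumptions of this example: they default to the
# real tools and can be pointed at stand-ins for a dry run.
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# safe_restore RULES_FILE BACKUP_FILE
# Returns 0 applied, 2 unreadable rules file, 3 backup failed,
# 4 rules rejected by --test (live rules untouched),
# 5 apply failed and backup was restored, 6 rollback also failed.
safe_restore() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }

    # 1. Save the live ruleset first; keep the copy private to root.
    ( umask 077; "$IPT_SAVE" > "$2" ) || { echo "backup failed" >&2; return 3; }

    # 2. --test parses and builds the ruleset without committing it.
    "$IPT_RESTORE" --test < "$1" || {
        echo "validation failed, live rules untouched" >&2; return 4; }

    # 3. Apply. If this fails partway, reload the backup taken in step 1.
    if ! "$IPT_RESTORE" < "$1"; then
        echo "apply failed, rolling back to $2" >&2
        "$IPT_RESTORE" < "$2" || { echo "rollback failed" >&2; return 6; }
        return 5
    fi
}

# Usage: sh safe_restore.sh /etc/iptables/rules.v4 /root/iptables.backup
if [ "$#" -eq 2 ]; then
    safe_restore "$1" "$2"
fi
```

For IPv6, set `IPT_SAVE=ip6tables-save` and `IPT_RESTORE=ip6tables-restore` before calling the function.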