iptables-restore: Restoring iptables Rules

The iptables-restore command restores iptables (IPv4) rules previously saved by the `iptables-save` command; its IPv6 counterpart, ip6tables-restore, does the same for rules saved by `ip6tables-save`. This allows you to maintain firewall rules after a reboot or easily apply backed-up rules.

Overview

iptables-restore reads iptables rules saved in a text file and applies them to the kernel's network filtering tables. It is an essential tool for maintaining firewall settings after system reboots or restoring firewall configurations from a specific point in time.

Key Features

  • Loads saved iptables rules into the kernel
  • Handles IPv4 rules; IPv6 rules are restored with the separate ip6tables-restore command
  • A core tool for persistent firewall rule application
  • Used for backup and recovery

Key Options

The iptables-restore command offers several useful options to control its behavior during rule restoration; the `--test` and `--noflush` options appear in the usage examples below.

Usage Examples

Common usage examples for the iptables-restore command.

Restoring Saved IPv4 Rules

sudo iptables-restore < /etc/iptables/rules.v4

Loads IPv4 rules previously saved with `iptables-save` into the system.

Restoring Saved IPv6 Rules

sudo ip6tables-restore < /etc/iptables/rules.v6

Loads IPv6 rules previously saved with `ip6tables-save` into the system.

Testing Rules Before Restoration

sudo iptables-restore --test < /etc/iptables/rules.v4

Checks for syntax errors in the rules before actually applying them.

Adding New Rules While Keeping Existing Ones

sudo iptables-restore --noflush < /etc/iptables/new_rules.v4

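Adds rules from a file without clearing the currently active rules. Use with caution: the new rules are added on top of the existing ones, so running the command twice with the same file duplicates them.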

Installation

iptables-restore is typically provided as part of the `iptables` package. It is installed by default on most Linux distributions, but may need to be installed manually in minimal installation environments.

Debian/Ubuntu

sudo apt update
sudo apt install iptables

Installs iptables using the APT package manager.

CentOS/RHEL/Fedora

sudo yum install iptables
# or
sudo dnf install iptables

Installs iptables using the YUM or DNF package manager.

Tips & Precautions

Points to note and useful tips when using iptables-restore.

Persistent Application

`iptables-restore` loads rules into the kernel, but they disappear upon system reboot. To apply rules persistently, you need to use services like `netfilter-persistent` or `iptables-persistent`, or add the `iptables-restore` command to your boot scripts.

  • Debian/Ubuntu: Install the service with `sudo apt install iptables-persistent`, then save the current rules with `sudo netfilter-persistent save`
  • CentOS/RHEL: Enable and start the iptables service with `sudo systemctl enable iptables && sudo systemctl start iptables`

Importance of Backup

It is always recommended to back up your current rules using `iptables-save` before restoring rules. Incorrect rule restoration can disconnect your network.

  • Backup current IPv4 rules: `sudo iptables-save > /root/iptables_backup_$(date +%Y%m%d_%H%M%S).v4`

Utilizing Test Mode

Make it a habit to use the `--test` option to check your rule files for syntax errors beforehand. This catches a broken file before it is applied to the running firewall.
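
The backup and test-mode tips above combine into one guarded procedure. The following is an added example, not part of the original page or of the iptables project: the function name `safe_restore`, its return codes, and the `IPT_SAVE`, `IPT_RESTORE` and `BACKUP_DIR` variables are assumptions of this sketch, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: back up the live rules, syntax-check the new file,
# apply it, and reload the backup if the apply step fails.
# IPT_SAVE / IPT_RESTORE / BACKUP_DIR are this example's own knobs (assumptions);
# they default to the real commands and the backup location used on this page.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
BACKUP_DIR=${BACKUP_DIR:-/root}

# safe_restore RULES_FILE   (run as root)
# Returns 0 applied, 1 file unreadable, 2 backup failed,
#         3 --test failed (live rules untouched),
#         4 apply failed and backup reloaded, 5 apply and rollback both failed.
safe_restore() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }

    # Back up first; umask 077 keeps the saved ruleset readable by root only.
    backup="$BACKUP_DIR/iptables_backup_$(date +%Y%m%d_%H%M%S).v4"
    ( umask 077; $IPT_SAVE > "$backup" ) || { echo "backup failed" >&2; return 2; }

    # --test parses the file and builds the ruleset without committing it.
    if ! $IPT_RESTORE --test < "$rules"; then
        echo "syntax check failed; live rules untouched" >&2
        return 3
    fi

    # Apply for real; on failure reload the backup taken above.
    if ! $IPT_RESTORE < "$rules"; then
        echo "apply failed; rolling back to $backup" >&2
        $IPT_RESTORE < "$backup" || return 5
        return 4
    fi
    echo "applied $rules (previous rules saved in $backup)"
}

# Usage, after sourcing this file as root:
#   safe_restore /etc/iptables/rules.v4
```

A file that passes `--test` can still cut off your own session if its rules are valid but wrong, so keep a console or second session available when applying to a remote host.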

Distinguishing IPv4 and IPv6

IPv4 rules must be restored with `iptables-restore`, and IPv6 rules with `ip6tables-restore`. These commands operate separately.

