
iptables-save: Save iptables Firewall Rules

iptables-save is a command that dumps the IPv4 iptables firewall rules currently loaded in the kernel to standard output. This command is primarily used to save the currently configured firewall rules to a file for backup or to restore rules upon system reboot. It is used in conjunction with the `iptables-restore` command to manage the persistence of firewall rules.

Overview

iptables-save extracts the currently active iptables rules in a text format. This output is in a format that can be reloaded by the `iptables-restore` command, making it essential for backing up and restoring firewall configurations.

Key Features

  • Dumps current iptables rules to standard output
  • Creates rule files for backup and restoration
  • Allows selective saving of rules for specific tables

Key Options

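The iptables-save command offers a relatively small number of options. The two used in the examples on this page are `-t` (save a single table) and `-c` (include packet and byte counters).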


Usage Examples

Common usage examples for iptables-save.

Save all current iptables rules to a file

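sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Saves all currently active IPv4 iptables rules to the file `/etc/iptables/rules.v4`. The redirection is placed inside `sh -c` so that the file is opened by the root shell; with a bare `sudo iptables-save > file`, the unprivileged calling shell opens the file and the write to `/etc/iptables/` is refused.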

Save only nat table rules to a file

sudo sh -c 'iptables-save -t nat > /etc/iptables/nat_rules.v4'

Saves only the Network Address Translation (NAT) related rules to the file `/etc/iptables/nat_rules.v4`.

Save all rules including counters

sudo sh -c 'iptables-save -c > /etc/iptables/rules_with_counters.v4'

Saves all rules, including packet and byte counter information for each rule. This can be useful for traffic analysis.

Check the content of the saved rules file

cat /etc/iptables/rules.v4

Checks the content of the saved rules file using the `cat` command.

Installation

iptables-save is typically provided as part of the `iptables` package. It is installed by default on most Linux distributions, but may need to be installed manually in minimal installation environments.

Debian/Ubuntu

sudo apt update && sudo apt install iptables

Command to install the `iptables` package on Debian or Ubuntu-based systems.

CentOS/RHEL/Fedora

sudo dnf install iptables-services

Command to install the `iptables-services` package on CentOS, RHEL, or Fedora-based systems. This package includes the `iptables` binary and persistence management services.

Tips & Precautions

Useful tips and points to note when using iptables-save.

Persistence Management

iptables rules are lost by default upon reboot, so you need to automate the process of saving with `iptables-save` and restoring with `iptables-restore`. Many Linux distributions provide services for managing rule persistence through packages like `iptables-persistent` (Debian/Ubuntu) or `iptables-services` (CentOS/RHEL). Using these services is recommended.

  • For rule persistence, script `iptables-save` and `iptables-restore` or use dedicated services.
  • It is important to configure rules to be loaded automatically upon system reboot.

IPv6 Rules

`iptables-save` only handles IPv4 rules. To save IPv6 rules, you must use the `ip6tables-save` command.

Output Format

The output of `iptables-save` is in a specific format that `iptables-restore` can read. When manually editing this file, be careful not to introduce format errors. Incorrect formatting can lead to rule restoration failures.
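
One way to catch such format errors before a restore, as an added example (not part of the original page or the iptables project): the hypothetical `lint_rules` function checks only the structure that `iptables-save` writes (`*table`, `:CHAIN POLICY [packets:bytes]`, `-A` rules with optional `-c` counters, `COMMIT`), and the sample ruleset is constructed.

```shell
#!/bin/sh
# lint_rules FILE: print structural problems in an iptables-save style file.
# Returns 0 when none are found, 1 otherwise. Hypothetical helper; it does not
# validate matches or targets, only the line structure.
lint_rules() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    /^[ \t]*$/ || /^#/ { next }              # blank lines and comments
    /^\*/ {                                  # table header, e.g. *filter
        if (table != "") bad("table *" table " has no COMMIT before " $0)
        table = substr($0, 2); next
    }
    $0 == "COMMIT" {                         # closes the current table
        if (table == "") bad("COMMIT outside a table")
        table = ""; next
    }
    /^:/ {                                   # chain line, e.g. :INPUT DROP [0:0]
        if (table == "") bad("chain declared outside a table")
        if ($0 !~ /^:[^ ]+ [^ ]+ \[[0-9]+:[0-9]+\]$/)
            bad("malformed chain line: " $0)
        next
    }
    /^(\[[0-9]+:[0-9]+\] )?-A / {            # rule, with optional counters
        if (table == "") bad("rule outside a table")
        next
    }
    { bad("unrecognised line: " $0) }        # includes lines ending in CR
    END {
        if (table != "") {
            printf "end of file: table *%s has no COMMIT\n", table
            errors++
        }
        exit (errors > 0)
    }' "$1"
}

# Constructed sample: a hand-edited file whose COMMIT line was deleted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
lint_rules "$sample" || echo "not loading $sample"
rm -f "$sample"
```

A file that passes can then be checked by the real parser with `sudo iptables-restore --test < file`, which parses the ruleset without committing it.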

