Table of Contents
Ubuntu - iptables - Save IPTable rules
Save and Restore iptables
This will save initial copies of the firewall rules.
sudo iptables-save > /etc/iptables/rules.v4 sudo ip6tables-save > /etc/iptables/rules.v6
In /etc/network/if-pre-up.d/iptables enter the following:
- /etc/network/if-pre-up.d/iptables
#!/bin/sh iptables-restore < /etc/iptables/rules.v4 ip6tables-restore < /etc/iptables/rules.v6 exit 0
In /etc/network/if-post-down.d/iptables enter the following:
- /etc/network/if-post-down.d/iptables
#!/bin/sh iptables-save -c > /etc/iptables/rules.v4 if [ -f /etc/iptables/rules.v4 ]; then iptables-restore < /etc/iptables/rules.v4 fi ip6tables-save -c > /etc/iptables/rules.v6 if [ -f /etc/iptables/rules.v6 ]; then ip6tables-restore < /etc/iptables/rules.v6 fi exit 0
Give permission to the scripts:
sudo chmod +x /etc/network/if-post-down.d/iptables sudo chmod +x /etc/network/if-pre-up.d/iptables
IPv4 vs IPv6
There are slightly different commands used depending on IPv4 or IPv6.
For IPv4 the commands are iptables-save and iptables-restore.
For IPv6 the commands are ip6tables-save and ip6tables-restore.
Example Usage
Save the iptables rules
The generic method of saving iptables rules is to use the command iptables-save, which writes to stdout.
iptables-save > /etc/network/iptables.rules.v4 ip6tables-save > /etc/network/iptables.rules.v6
Restore the iptables rules
For IPv4, the output created by iptables-save can then by read on stdin by iptables-restore. Similarly, for IPv6, the output created by ip6tables-save can then by read on stdin by ip6tables-restore.
If on a server, without NetworkManager, a common approach is then to use a pre-up command in /etc/network/interfaces.
- /etc/network/interfaces
iface eth0 inet static .... pre-up iptables-restore < /etc/network/iptables.rules.v4 pre-up ip6tables-restore < /etc/network/iptables.rules.v6