
Permanently saving Iptables Rules in Linux Using the Iptables-Save Command

Defining netfilter rules is mandatory when working with a server to ensure the security of your system. As a Linux system administrator, you often need to add, restore, or update the network firewall rules defined in iptables. The good news is that the process is simple, but it can get annoying when you’ve defined your rules and they get lost after a reboot.

Normally, the defined rules last only until the next reboot. If you work with many or complex rules, you need to save them. If you have no idea how to go about this, the Linux iptables-save command does the job. This guide covers a practical usage of the command.

Working with Iptables Rules

To filter the network traffic, you must clearly define the iptables rules. The defined rules are stored in system memory, so they are not persistent: when the system reboots, you must define your rules again. Re-entering a few rules is practical. But how about when you have multiple common rules? The solution is to save them, and there is a way you can do it.

1. Viewing Available Rules

If you are unsure of the rules that you already set, you can always list them. The iptables command offers a few options for listing the rules. Use the following command to list the rules with line numbers:

$ sudo iptables -L -n -v --line-numbers

We currently have no firewall rule set for this example, but we will add them later. Your output should display the set rules.

Let’s create a new rule.

2. Adding Iptables Rules

The iptables command lets you define the firewall rules for your network. For our example, we will create a rule to block all the connections from a specific IP address. Our target IP is 192.12.34.2, and we will block its connections using the following rule. Note that target names such as DROP are case-sensitive:

$ sudo iptables -A INPUT -s 192.12.34.2 -j DROP

Go ahead and list the available rules. In this case, we will see our new rule added.

However, the rule will be lost if we reboot the system and check the same iptables rules. To avoid losing the rules each time the system reboots, we should save them to a file after adding them.

3. Saving Iptables Rules

The command to save the firewall rules is iptables-save. With it, you can write the rules to a file and restore them from that file later.

To save the rules without specifying a file, run iptables-save on its own. It prints the current rules to the terminal.

The downside of this method is that nothing is written to disk, so you can’t restore the rules from a file.

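To save the rules to a file, for instance, a file named rules.v4, the command will be:

$ sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Remember, you must be the root before you execute the command. The output redirection is performed by the shell rather than by iptables-save, which is why the whole command line is run in a root shell here.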

Now, let’s reboot the system and list our iptables rules to confirm whether any rules are defined.

From the output, no rules are currently set. However, unlike where we had to create the rules again, we can now restore the saved rules from the file.

4. Restoring Iptables Rules

The process of restoring the rules is easy. You only need to specify the path to the file like in the following command:

$ sudo sh -c 'iptables-restore < /etc/iptables/rules.v4'

Once restored, you can list the iptables rules again to see the available rules.

That’s it! We have our previously created rules restored to use for the session. All you need to use the same rules in the future is to restore them from the file. Besides, you can also update them depending on your need.
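The save command in step 3 redirects straight into rules.v4, and the shell truncates that file before iptables-save writes anything, so a failed run leaves an empty rules file behind. The following is an added example, not part of the original guide: the function names save_rules, ruleset_complete and sample_dump are hypothetical, and the sample dump is constructed from the DROP rule used above.

```shell
#!/bin/sh
# Added example: replace the rules file only after a complete dump exists.

# Constructed sample in iptables-save format (the DROP rule from this guide).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.12.34.2/32 -j DROP
COMMIT
EOF
}

# ruleset_complete FILE
# Structural check: at least one "*table" section, each closed by COMMIT.
ruleset_complete() {
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# save_rules TARGET [DUMP_COMMAND...]
# Hypothetical helper: runs DUMP_COMMAND (default: iptables-save) into a
# temporary file beside TARGET and renames it into place only if the dump
# succeeded and is complete. A failed dump leaves TARGET untouched.
save_rules() {
    target=$1
    shift
    [ "$#" -gt 0 ] || set -- iptables-save
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if "$@" > "$tmp" && ruleset_complete "$tmp"; then
        # Root-only permissions, then an atomic rename over the old file.
        chmod 600 "$tmp" && mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage on a real host, as root:  save_rules /etc/iptables/rules.v4
```

Running iptables-restore --test on the saved file as root additionally parses it without committing anything to the kernel.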

Conclusion

You no longer need to get frustrated about losing your firewall rules after a reboot. We’ve covered how you can use the iptables-save Linux command, which lets you save your rules and restore them from the file whenever necessary.

About the author

Denis Kariuki

Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.