Linux iptables-save Command with Practical Examples


Introduction

In this lab, you will learn how to use the iptables-save command to back up and restore iptables firewall rules on a Linux system. The lab covers the purpose and functionality of iptables-save, how to back up and restore firewall rules, and how to automate the process with a Systemd service. This is a valuable skill for network administrators and security professionals who need to manage and maintain firewall configurations. The lab provides practical examples and step-by-step instructions to help you master iptables-save.




Understand the Purpose and Functionality of iptables-save

In this step, you will learn about the purpose and functionality of the iptables-save command. The iptables-save command is used to save the current state of the iptables firewall rules to a file, which can then be used to restore the firewall configuration at a later time.

The iptables-save command captures the current state of the iptables firewall rules, including the filter, nat, mangle, and raw tables. This allows you to easily back up and restore your firewall configuration, which is useful in scenarios such as:

  • Migrating firewall rules to a new system
  • Restoring the firewall configuration after a system reboot or update
  • Automating the backup and restoration of firewall rules

To use the iptables-save command, simply run the following command in the terminal:

sudo iptables-save

This will output the current iptables firewall rules to the terminal. You can redirect this output to a file for backup purposes:

sudo iptables-save > iptables-backup.rules

The generated iptables-backup.rules file can then be used to restore the firewall configuration at a later time using the iptables-restore command.

Example output:

# Generated by iptables-save v1.8.7 on Wed Apr 12 12:34:56 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Apr 12 12:34:56 2023

The output shows the current iptables firewall rules, which can be used to restore the configuration later.
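Because the saved ruleset is plain text with a fixed structure (a `*table` header, `:CHAIN POLICY [pkts:bytes]` declarations, `-A` rules, then COMMIT), a backup can be checked offline before it is ever handed to iptables-restore. The script below is an added example, not part of the original lab: it writes a constructed dump in the format shown above to a temporary file and verifies that every table is closed by COMMIT, that every chain a rule is appended to was declared in that table, and that only tables iptables-save can emit appear. The function names are the example's own. The authoritative check is `iptables-restore --test`, which parses the file without committing it, but that needs root and netfilter support; this check runs as any user.

```shell
#!/bin/sh
# Offline structural check of an iptables-save dump (added example).
# check_rules_file FILE: exit 0 when the file is well formed and print a
# rule/table summary; exit 1 and report the first problem on stderr otherwise.
check_rules_file() {
    awk '
        function fail(msg) {
            printf("%s: line %d: %s\n", FILENAME, NR, msg) > "/dev/stderr"
            bad = 1
            exit 1
        }
        /^#/ || /^[ \t]*$/ { next }                 # comments and blank lines
        /^\*/ {                                     # table header, e.g. *filter
            if (table != "") fail("table " table " not closed by COMMIT")
            table = substr($1, 2)
            if (table !~ /^(filter|nat|mangle|raw|security)$/) fail("unknown table " table)
            next
        }
        /^:/ {                                      # chain declaration, e.g. :INPUT ACCEPT [0:0]
            if (table == "") fail("chain declared outside a table")
            chain = substr($1, 2)
            # built-in chains carry a policy of ACCEPT or DROP, user chains "-"
            if ($2 !~ /^(ACCEPT|DROP|-)$/) fail("bad policy for chain " chain)
            if ($3 !~ /^\[[0-9]+:[0-9]+]$/) fail("bad counters for chain " chain)
            declared[table "/" chain] = 1
            next
        }
        /^COMMIT$/ {
            if (table == "") fail("COMMIT without an open table")
            table = ""
            commits++
            next
        }
        /^(\[[0-9]+:[0-9]+] )?-A / {                # append rule (optionally with -c counters)
            if (table == "") fail("rule outside a table")
            chain = ($1 ~ /^\[/) ? $3 : $2
            if (!((table "/" chain) in declared)) fail("rule appended to undeclared chain " chain)
            rules++
            next
        }
        { fail("unrecognised line: " $0) }
        END {
            if (bad) exit 1
            if (table != "") { printf("%s: table %s not closed by COMMIT\n", FILENAME, table) > "/dev/stderr"; exit 1 }
            if (commits == 0) { printf("%s: no tables found (empty backup?)\n", FILENAME) > "/dev/stderr"; exit 1 }
            printf("%d rules in %d table(s)\n", rules, commits)
        }
    ' "$1"
}

# Constructed sample dump in the format shown in the lab (not a real system's rules).
write_sample_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save v1.8.7 on Wed Apr 12 12:34:56 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Apr 12 12:34:56 2023
EOF
}

# Demo: a good file passes, a file truncated before COMMIT is rejected.
tmp=$(mktemp)
write_sample_rules "$tmp"
check_rules_file "$tmp"
head -n 11 "$tmp" > "$tmp.broken"
check_rules_file "$tmp.broken" || echo "truncated backup rejected"
rm -f "$tmp" "$tmp.broken"
```

A truncated or half-written backup is the typical failure seen when a disk fills or a host loses power during the save; running this check in the same unit that writes the file, before replacing the previous copy, catches it without touching the live ruleset.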

Backup and Restore iptables Firewall Rules Using iptables-save

In this step, you will learn how to back up and restore iptables firewall rules using the iptables-save and iptables-restore commands.

First, back up the current iptables firewall rules to a file:

sudo iptables-save > iptables-backup.rules

This will create a file named iptables-backup.rules in the current directory, containing the current iptables firewall configuration.

To restore the firewall rules from the backup file, use the iptables-restore command:

sudo iptables-restore < iptables-backup.rules

This will apply the firewall rules stored in the iptables-backup.rules file to the current system.

Example output:

$ sudo iptables-restore < iptables-backup.rules
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:22
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The output shows that the firewall rules have been successfully restored from the backup file.
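Once you keep backups, the natural next question is whether the live ruleset still matches the last one saved. A byte-for-byte comparison of two dumps is noisy, because the header and footer comments carry a timestamp and the chain declarations carry `[packets:bytes]` counters that change constantly. The script below is an added example, not part of the lab: it normalizes two dumps by dropping comment lines, zeroing the chain counters and stripping any per-rule counters, then reports whether the rules themselves differ, printing a unified diff when they do. The dumps it compares are constructed inline, and the function names are the example's own.

```shell
#!/bin/sh
# Compare two iptables-save dumps for rule changes, ignoring timestamps and
# counters (added example). Useful for drift detection: run it against a
# fresh "iptables-save" and the last approved backup.

# Print only the semantic content of a dump: no comments, chain counters
# zeroed, leading per-rule counters (from iptables-save -c) removed.
normalize_rules() {
    sed -e '/^#/d' \
        -e '/^$/d' \
        -e 's/^\[[0-9]*:[0-9]*] //' \
        -e 's/\[[0-9]*:[0-9]*]$/[0:0]/' "$1"
}

# rules_unchanged OLD NEW: exit 0 if both dumps describe the same rules,
# 1 if they differ (the unified diff is printed so the change can be reviewed).
rules_unchanged() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    if diff -u "$a" "$b"; then status=0; else status=1; fi
    rm -f "$a" "$b"
    return $status
}

# count_rules FILE: number of -A lines, a cheap figure to log with each backup.
count_rules() { grep -cE '^(\[[0-9]+:[0-9]+] )?-A ' "$1"; }

# Constructed dump generator: $1 = output file, $2 = timestamp text,
# $3 = chain counters, $4 = optional extra rule inserted before the final REJECT.
write_dump() {
    {
        printf '# Generated by iptables-save v1.8.7 on %s\n*filter\n' "$2"
        printf ':INPUT ACCEPT %s\n:FORWARD ACCEPT %s\n:OUTPUT ACCEPT %s\n' "$3" "$3" "$3"
        printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
                      '-A INPUT -i lo -j ACCEPT' \
                      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
        [ -n "${4:-}" ] && printf '%s\n' "$4"
        printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited' COMMIT
        printf '# Completed on %s\n' "$2"
    } > "$1"
}

# Demo: d2 differs from d1 only in timestamp and counters, d3 has an extra rule.
d1=$(mktemp); d2=$(mktemp); d3=$(mktemp)
write_dump "$d1" "Wed Apr 12 12:34:56 2023" "[0:0]"
write_dump "$d2" "Thu Apr 13 08:00:00 2023" "[8123:641990]"
write_dump "$d3" "Thu Apr 13 08:00:00 2023" "[0:0]" "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT"
rules_unchanged "$d1" "$d2" && echo "d1/d2: only counters and timestamps changed"
rules_unchanged "$d1" "$d3" || echo "d1/d3: rule set changed, review the diff above"
rm -f "$d1" "$d2" "$d3"
```

Running `rules_unchanged` between the approved backup and `sudo iptables-save` output on a schedule gives a simple alert for rules that were added or removed outside the change process, which is exactly the case (an unexpected ACCEPT for a new port) that a counter-sensitive diff would bury.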

Automate iptables-save in a Systemd Service

In this step, you will learn how to automate the backup of iptables firewall rules using a Systemd service.

First, create a new Systemd service file:

sudo nano /etc/systemd/system/iptables-save.service

Add the following content to the file:

[Unit]
Description=Backup iptables firewall rules
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables-save -f /etc/iptables/rules.v4

[Install]
WantedBy=multi-user.target

This Systemd service will run the iptables-save command and save the firewall rules to the /etc/iptables/rules.v4 file.

Next, enable and start the Systemd service:

sudo systemctl enable iptables-save.service
sudo systemctl start iptables-save.service

Enabling the service makes it run at every boot, so the iptables firewall rules are backed up automatically whenever the system starts up; starting it runs the backup immediately.

To verify that the service is working correctly, check the status of the service:

sudo systemctl status iptables-save.service

Example output:

● iptables-save.service - Backup iptables firewall rules
     Loaded: loaded (/etc/systemd/system/iptables-save.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2023-04-12 12:34:56 UTC; 1min 23s ago
   Main PID: 12345 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 1071)
     Memory: 0B
     CGroup: /system.slice/iptables-save.service

Apr 12 12:34:56 labex systemd[1]: Started Backup iptables firewall rules.

The service should be in the "active (exited)" state, indicating that the iptables-save command has been executed successfully.

You can also check the contents of the /etc/iptables/rules.v4 file to verify that the firewall rules have been saved:

cat /etc/iptables/rules.v4

This should display the current iptables firewall configuration.
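The unit above calls iptables-save directly, which is enough for the lab but leaves a few things to the operator: `iptables-save -f` does not create /etc/iptables, a crash mid-write leaves a truncated rules.v4 that iptables-restore will reject at the next boot, and a oneshot that runs before the rules have been loaded captures an empty ruleset and overwrites the good backup with it. The script below is an added example, not from the lab, written as a wrapper you could point ExecStart at: it creates the directory with restrictive permissions, writes to a temporary file and renames it into place, keeps the previous copy as rules.v4.prev, and refuses to replace a non-empty backup with a ruleset that has no rules. The IPTABLES_SAVE variable, the stub functions and the file names are the example's own conventions; the stub lets the wrapper run without root.

```shell
#!/bin/sh
# Safer wrapper around iptables-save for a oneshot service (added example).
# Usage: backup_rules /etc/iptables/rules.v4
# IPTABLES_SAVE names the command that emits the ruleset (default: iptables-save);
# the demo below points it at a stub so the wrapper can be exercised unprivileged.
: "${IPTABLES_SAVE:=iptables-save}"

backup_rules() {
    dest=$1
    dir=$(dirname "$dest")
    # Rule files describe the host's exposure: keep the directory root-only.
    [ -d "$dir" ] || mkdir -p -m 0700 "$dir" || return 1
    tmp="$dest.tmp.$$"
    # Write to a temporary file first; a half-written rules.v4 would make
    # iptables-restore fail at the next boot.
    if ! "$IPTABLES_SAVE" > "$tmp"; then
        rm -f "$tmp"; echo "backup_rules: $IPTABLES_SAVE failed" >&2; return 1
    fi
    chmod 0600 "$tmp"
    # No -A lines usually means the capture ran before the rules were loaded;
    # keep the existing backup rather than overwrite it with nothing.
    if ! grep -q '^-A ' "$tmp" && [ -s "$dest" ]; then
        rm -f "$tmp"; echo "backup_rules: live ruleset is empty, keeping $dest" >&2; return 2
    fi
    [ -f "$dest" ] && cp -p "$dest" "$dest.prev"   # one generation of history
    mv "$tmp" "$dest"                               # rename is atomic on one filesystem
}

# Stubs standing in for iptables-save; the ruleset they print is constructed.
fake_iptables_save() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
                  '-A INPUT -i lo -j ACCEPT' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' COMMIT
}
fake_empty_save() { printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' COMMIT; }

# Demo: first save succeeds, an empty capture afterwards is refused.
workdir=$(mktemp -d)
IPTABLES_SAVE=fake_iptables_save
backup_rules "$workdir/iptables/rules.v4" && echo "saved $(grep -c '^-A ' "$workdir/iptables/rules.v4") rules"
IPTABLES_SAVE=fake_empty_save
backup_rules "$workdir/iptables/rules.v4" || echo "empty capture refused (exit $?)"
rm -rf "$workdir"
```

If another unit restores rules from the same file at boot, order this unit after it with After= so the capture reflects the loaded ruleset rather than the empty one that exists before the restore has run.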

Summary

In this lab, you first learned about the purpose and functionality of the iptables-save command, which saves the current state of the iptables firewall rules to a file. This lets you back up and restore your firewall configuration, which is useful when migrating firewall rules to a new system, restoring the configuration after a system reboot or update, and automating the backup and restoration of firewall rules. You then learned how to back up and restore iptables firewall rules using the iptables-save and iptables-restore commands. Finally, you explored how to automate iptables-save with a Systemd service, which ensures that the firewall rules are backed up automatically each time the system boots.
