
iptables-save Command in Linux
The iptables-save command in Linux saves the iptables rules to a file. Note that the iptables-save command alone does not ensure rules are saved across reboots unless followed by steps to persist them.
The iptables command creates and customizes rules for IPv4, while ip6tables is used for IPv6. These rules can be dumped using the iptables-save or ip6tables-save command. Saving the rules to a file allows them to be restored after a reboot, avoiding the need to set them up manually again. The saved file also simplifies troubleshooting by offering a clear reference to previously applied rules.
Table of Contents
Here is a comprehensive guide to the options available with the iptables-save command −
- Syntax of iptables-save Command
- iptables-save Command Options
- Examples of iptables-save Command in Linux
Syntax of iptables-save Command
The syntax of the iptables-save command in Linux is as follows −
iptables-save [options]
The [options] argument specifies the options, including the -f option that names the file in which the rules will be saved. The command does not accept a bare filename argument, and without -f the rules are written to standard output. The above syntax is for saving IPv4 rules. For IPv6, use the syntax given below −
ip6tables-save [options]
iptables-save Command Options
The options of the iptables-save command are listed below −
Short option | Long option | Description |
---|---|---|
-M modprobe | --modprobe=modprobe | Specifies the path to the modprobe program (by default, iptables-save checks /proc/sys/kernel/modprobe to locate the modprobe executable) |
-f filename | --file=filename | Writes the output to the specified file |
-c | --counters | Includes the current values of all packet and byte counters in the output |
-t tablename | --table=tablename | Restricts the output to a single table (by default, the output includes all tables) |
Examples of iptables-save Command in Linux
This section demonstrates the usage of the iptables-save command in Linux with examples −
Listing the Current iptables Rules
Use the iptables command with the -L or --list option to list the current iptables rules.
sudo iptables -L

To get the verbose output, use the -v option −
sudo iptables -L -v

If the above commands do not display any rules, no rules have been added yet. Rules are added with the iptables command. For instance, to allow incoming traffic on port 22, use the iptables command in the following way −
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Displaying Rules to STDOUT
Running the iptables-save command without any options writes the current iptables rules to standard output (STDOUT). This provides a snapshot of all the active rules for IPv4.
To display the rules to the standard output, execute the iptables-save command with sudo privileges −
sudo iptables-save

Similarly, to display the IPv6 iptables rules, use −
sudo ip6tables-save
Saving Rules to a File
To save the iptables rules, use the -f or --file option with the filename. For example, to save the iptables rules in the current working directory, use the iptables-save command in the following way −
sudo iptables-save -f iprules.rules

To save it in a specific directory, use the directory's path. For example, to save the rules in the /usr/local/etc directory, use the iptables-save command in the following manner −
sudo iptables-save -f /usr/local/etc/iprules.rules
The iptables-save command does not produce any output to the terminal when saving rules to a file. To verify, check the file content using the cat or less commands.
Saving Rules with Packets and Byte Counters
To save the rules with packet and byte counters, use the -c or --counters option −
sudo iptables-save -c -f iprules.rules
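A saved file only works as a troubleshooting reference if it can be compared with a later dump, and the timestamp comments and [packets:bytes] counters change on every save. The following is an added example, not part of the original page: the function names (normalize_rules, rules_drift, make_samples) are hypothetical, and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): detect rule drift between two
# iptables-save dumps while ignoring fields that change on every save.

# normalize_rules FILE: drop the "# Generated/Completed" comments and strip the
# [packets:bytes] counters found on chain lines and, with -c, on rule lines.
normalize_rules() {
    sed -E -e '/^#/d' \
           -e 's/^\[[0-9]+:[0-9]+\] //' \
           -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1/' "$1"
}

# rules_drift BASELINE CURRENT: print differing lines. Exit status:
# 0 = same rules, 1 = drift, 2 = a file could not be read.
rules_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    _a=$(mktemp) && _b=$(mktemp) || return 2
    normalize_rules "$1" > "$_a"
    normalize_rules "$2" > "$_b"
    _rc=0
    diff "$_a" "$_b" || _rc=$?
    rm -f "$_a" "$_b"
    return "$_rc"
}

# make_samples DIR: write constructed dumps (version and dates are made up).
make_samples() {
    printf '%s\n' '# Generated by iptables-save v1.8.7 on Mon Jan  1 10:00:00 2024' \
        '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' \
        '# Completed on Mon Jan  1 10:00:00 2024' > "$1/baseline.rules"
    # Same rules saved later with -c: only counters and timestamps differ.
    printf '%s\n' '# Generated by iptables-save v1.8.7 on Tue Jan  2 09:30:00 2024' \
        '*filter' ':INPUT DROP [41:3280]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [97:8112]' \
        '[56:4832] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' \
        '# Completed on Tue Jan  2 09:30:00 2024' > "$1/counters.rules"
    # Dump taken after a rule was appended to INPUT.
    awk '/^COMMIT$/ { print "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT" } { print }' \
        "$1/baseline.rules" > "$1/changed.rules"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
rules_drift "$demo_dir/baseline.rules" "$demo_dir/counters.rules" && echo "counters only: no drift"
rules_drift "$demo_dir/baseline.rules" "$demo_dir/changed.rules" || echo "drift detected"
rm -rf "$demo_dir"
```

On a real host, pass the saved baseline and a fresh dump written with sudo iptables-save -f as the two arguments.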
Restoring Rules on Reboot
It is important to note that, by default, iptables rules are not persistent across reboots. When the system restarts, any iptables rules set up will be lost unless steps are taken to save and restore them automatically. The iptables-save command saves the rules in a file, from which they can be restored using another command-line tool called iptables-restore −
sudo iptables-restore iprules.rules
To restore IPv6 rules from a file saved with ip6tables-save, use −
sudo ip6tables-restore iprules.rules
Conclusion
The iptables-save command in Linux plays a crucial role in managing iptables rules for both IPv4 and IPv6. It saves these rules to a file so that they can be restored after a system reboot with iptables-restore. This eliminates the need for manual reconfiguration and helps with troubleshooting.
The syntax for the iptables-save command is straightforward, and various options enable customization, including specifying output files and byte counters.