Wiki

User Tools

Site Tools

Trace:
iptables:save_iptable_rules

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
iptables:save_iptable_rules [2016/10/07 12:50] peteriptables:save_iptable_rules [2019/11/29 17:43] (current) – removed peter
Line 1: Line 1:
-====== IPTables - Save IPTable rules ====== 
- 
-===== Save and Restore iptables ===== 
- 
-As root, issue the command: 
- 
-This will save initial copies of the firewall rules. 
- 
-<code bash> 
-iptables-save > /etc/iptables/rules.v4 
-ip6tables-save > /etc/iptables/rules.v6 
-</code> 
- 
- 
-In **/etc/network/if-pre-up.d/iptables** enter the following: 
- 
-<file /etc/network/if-pre-up.d/iptables> 
-#!/bin/sh 
-iptables-restore < /etc/iptables/rules.v4 
-ip6tables-restore < /etc/iptables/rules.v6 
-exit 0 
-</file> 
- 
- 
-In **/etc/network/if-post-down.d/iptables** enter the following: 
- 
-<file /etc/network/if-post-down.d/iptables> 
-#!/bin/sh 
-iptables-save -c > /etc/iptables/rules.v4 
-if [ -f /etc/iptables/rules.v4 ]; then 
-  iptables-restore < /etc/iptables/rules.v4 
-fi 
-ip6tables-save -c > /etc/iptables/rules.v6 
-if [ -f /etc/iptables/rules.v6 ]; then 
-  ip6tables-restore < /etc/iptables/rules.v6 
-fi 
-exit 0 
-</file> 
- 
-Give permission to the scripts: 
- 
-<code bash> 
-sudo chmod +x /etc/network/if-post-down.d/iptables 
-sudo chmod +x /etc/network/if-pre-up.d/iptables 
-</code> 
- 
- 
-===== IPv4 vs IPv6 ===== 
- 
-There are slightly different commands used depending on IPv4 or IPv6. 
- 
-For IPv4 the commands are **iptables-save** and **iptables-restore**. 
- 
-For IPv6 the commands are **ip6tables-save** and **ip6tables-restore**. 
- 
- 
-===== Example Usage ===== 
- 
-==== Save the iptables rules ==== 
- 
-The generic method of saving iptables rules is to use the command **iptables-save**, which writes to stdout. 
- 
-<code bash> 
-iptables-save > /etc/network/iptables.rules.v4 
-ip6tables-save > /etc/network/iptables.rules.v6 
-</code> 
- 
-==== Restore the iptables rules ==== 
- 
-For IPv4, the output created by **iptables-save** can then by read on stdin by **iptables-restore**. Similarly, for IPv6, the output created by **ip6tables-save** can then by read on stdin by **ip6tables-restore**.  
- 
-If on a server, without NetworkManager, a common approach is then to use a **pre-up** command in /etc/network/interfaces. 
- 
-<file /etc/network/interfaces> 
-iface eth0 inet static 
-        .... 
-        pre-up iptables-restore < /etc/network/iptables.rules.v4 
-        pre-up ip6tables-restore < /etc/network/iptables.rules.v6         
-</file> 
  
iptables/save_iptable_rules.1475844647.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki