This is an old revision of the document!


IPTables - Save IPTable rules

Save the iptables rules

The generic method of saving iptables rules is to use the command iptables-save, which writes to stdout.

iptables-save > /etc/network/iptables.rules.v4
ip6tables-save > /etc/network/iptables.rules.v6

Restore the iptables rules

For IPv4, the output created by iptables-save can then be read on stdin by iptables-restore. Similarly, for IPv6, the output created by ip6tables-save can then be read on stdin by ip6tables-restore.

On a server without NetworkManager, a common approach is to run the restore from a pre-up command in /etc/network/interfaces.

iface eth0 inet static
        ....
        pre-up iptables-restore < /etc/network/iptables.rules.v4
        pre-up ip6tables-restore < /etc/network/iptables.rules.v6        

Example usage

As root, issue the command:

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

In /etc/network/if-pre-up.d/iptables enter the following:

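#!/bin/sh
# Load the saved IPv4 and IPv6 rulesets before the interface comes up.
# The paths match the files written by the save commands above.
iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6
exit 0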

In /etc/network/if-post-down.d/iptables enter the following:

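#!/bin/sh
# Save the current IPv4 rules, including packet and byte counters (-c),
# to the same file the pre-up script restores from, then reload them.
iptables-save -c > /etc/iptables/rules.v4
if [ -f /etc/iptables/rules.v4 ]; then
  iptables-restore < /etc/iptables/rules.v4
fi
# Same for IPv6.
ip6tables-save -c > /etc/iptables/rules.v6
if [ -f /etc/iptables/rules.v6 ]; then
  ip6tables-restore < /etc/iptables/rules.v6
fi
exit 0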

Make the scripts executable:

sudo chmod +x /etc/network/if-post-down.d/iptables
sudo chmod +x /etc/network/if-pre-up.d/iptables
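
The post-down script redirects iptables-save straight onto the rules file, so a failed or interrupted save leaves an empty or truncated file for the next restore. The following added example (not part of the original page) writes to a temporary file, checks that every table section ends in COMMIT, and only then renames it into place; the function names ruleset_complete, save_rules and restore_rules are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# ruleset_complete FILE
# Succeeds only if FILE is non-empty and every "*table" header written by
# iptables-save is closed by its own COMMIT line.
ruleset_complete() {
    [ -s "$1" ] || return 1
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        END        { exit (bad || in_table || !tables) }
    ' "$1"
}

# save_rules SAVE_CMD DEST
# Runs SAVE_CMD into a temporary file next to DEST and renames it over DEST
# only when the command succeeded and the dump is complete, so a failed save
# never replaces the last good ruleset.
save_rules() {
    save_cmd=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if $save_cmd > "$tmp" && ruleset_complete "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# restore_rules RESTORE_CMD FILE
# Refuses incomplete files, parses FILE with --test (no commit), then loads it.
restore_rules() {
    ruleset_complete "$2" || return 1
    $1 --test < "$2" && $1 < "$2"
}

# Usage in the hook scripts (paths as used on this page):
#   save_rules "iptables-save -c" /etc/iptables/rules.v4
#   restore_rules iptables-restore /etc/iptables/rules.v4 || exit 1
```

Both functions return non-zero on failure, so the calling hook script can report the error instead of ending with an unconditional exit 0.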

IPv6

NOTE: The commands iptables, iptables-save and iptables-restore are IPv4 only. For IPv6 traffic the equivalent commands are ip6tables, ip6tables-save and ip6tables-restore.

iptables/save_iptable_rules.1475843915.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
