====== Ubuntu - iptables - Save IPTable rules ====== ===== Save and Restore iptables ===== This will save initial copies of the firewall rules.


sudo iptables-save > /etc/iptables/rules.v4
sudo ip6tables-save > /etc/iptables/rules.v6

---- In **/etc/network/if-pre-up.d/iptables** enter the following: #!/bin/sh iptables-restore < /etc/iptables/rules.v4 ip6tables-restore < /etc/iptables/rules.v6 exit 0 In **/etc/network/if-post-down.d/iptables** enter the following: #!/bin/sh iptables-save -c > /etc/iptables/rules.v4 if [ -f /etc/iptables/rules.v4 ]; then iptables-restore < /etc/iptables/rules.v4 fi ip6tables-save -c > /etc/iptables/rules.v6 if [ -f /etc/iptables/rules.v6 ]; then ip6tables-restore < /etc/iptables/rules.v6 fi exit 0 Give permission to the scripts:


sudo chmod +x /etc/network/if-post-down.d/iptables
sudo chmod +x /etc/network/if-pre-up.d/iptables

---- ===== IPv4 vs IPv6 ===== There are slightly different commands used depending on IPv4 or IPv6. For IPv4 the commands are **iptables-save** and **iptables-restore**. For IPv6 the commands are **ip6tables-save** and **ip6tables-restore**. ---- ===== Example Usage ===== ==== Save the iptables rules ==== The generic method of saving iptables rules is to use the command **iptables-save**, which writes to stdout.


iptables-save > /etc/network/iptables.rules.v4
ip6tables-save > /etc/network/iptables.rules.v6

---- ==== Restore the iptables rules ==== For IPv4, the output created by **iptables-save** can then by read on stdin by **iptables-restore**. Similarly, for IPv6, the output created by **ip6tables-save** can then by read on stdin by **ip6tables-restore**. If on a server, without NetworkManager, a common approach is then to use a **pre-up** command in /etc/network/interfaces. iface eth0 inet static .... pre-up iptables-restore < /etc/network/iptables.rules.v4 pre-up ip6tables-restore < /etc/network/iptables.rules.v6