In Linux, iptables provides commands for batch backup and restoration of rules, plus a standard system service for enabling and disabling the firewall.
Recommended reading:
Iptables-packet filtering (Network Layer) Firewall
Linux Firewall iptables
Iptables + L7 + Squid implements a complete software firewall
Iptables firewall details and use layer7 to block qq, cool dog, and other P2P software
Detailed description of firewall iptables usage rules in Linux
I. Rule export and import:
Rule backup and Restoration:
Two commands, iptables-save and iptables-restore, are used for batch backup and restoration of firewall rules.
1. iptables-save command:
The iptables-save command is used to batch export Linux firewall rules.
Run iptables-save with no options: displays all currently active rules, listed table by table in the order raw, mangle, nat, filter;
-t table name: lists only that table;
Eg: list the rules of the nat table (iptables-save -t nat):
Note:
"#" marks a comment line; "*table name" marks the table that the following lines belong to;
":chain name default policy" gives a chain and its default policy. In the rule section the command name "iptables" is omitted, so each rule starts directly with its options;
"COMMIT" submits the rule settings listed above it for that table;
Eg: back up all the firewall rules that have been set to the file /opt/iptables.txt:
[root@iptables ~]# iptables-save > /opt/iptables.txt ### back up the rules of all tables
[root@iptables ~]# wc -l /opt/iptables.txt ### confirm the number of lines in the backup
Format for backing up a single table: iptables-save -t table name > file
Eg: save the current rules of the filter table to the file filter.txt (iptables-save -t filter > filter.txt):
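The format notes above (table markers, chain policy lines, rules without the "iptables" prefix, COMMIT) are easy to check mechanically before a backup is trusted. The following POSIX sh helpers are an added example, not part of the original article: they read an iptables-save dump, count the rules per table, read a chain's default policy, and confirm that every table block is closed by COMMIT. The dump they operate on is a constructed sample, not a capture from a real host.

```shell
# Added example: inspect an iptables-save dump without touching the live rule set.
# SAMPLE_DUMP is a constructed sample in iptables-save format (not a real capture).
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed'

# count_rules FILE TABLE: number of "-A" rule lines inside one table block
count_rules() {
    awk -v want="$2" '
        /^\*/     { table = substr($0, 2); next }   # "*name" opens a table block
        /^COMMIT/ { table = ""; next }              # COMMIT closes it
        /^-A / && table == want { n++ }
        END { print n + 0 }
    ' "$1"
}

# default_policy FILE TABLE CHAIN: the policy from the ":CHAIN POLICY [..]" line
default_policy() {
    awk -v want="$2" -v chain="$3" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        /^:/ && table == want && substr($1, 2) == chain { print $2; exit }
    ' "$1"
}

# check_commits FILE: returns 0 only if every *table block is closed by COMMIT
# (a truncated backup would be rejected by iptables-restore, so catch it early)
check_commits() {
    awk '
        /^\*/     { if (open) bad = 1; open = 1; next }
        /^COMMIT/ { if (!open) bad = 1; open = 0; next }
        END { exit (bad || open) ? 1 : 0 }
    ' "$1"
}

# Demonstration on the constructed sample
dump_file=$(mktemp)
printf '%s\n' "$SAMPLE_DUMP" > "$dump_file"
for t in nat filter; do
    printf '%s: %s rule(s)\n' "$t" "$(count_rules "$dump_file" "$t")"
done
printf 'filter INPUT default policy: %s\n' "$(default_policy "$dump_file" filter INPUT)"
check_commits "$dump_file" && echo "all tables closed by COMMIT"
rm -f "$dump_file"
```

Running check_commits against a real backup before relying on it catches the common case of a dump that was cut short (disk full, interrupted command), which iptables-restore would otherwise reject at the worst moment, during boot.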
2. iptables-restore command:
Purpose: import Linux firewall rules in batches. The backup file is supplied on standard input by redirection (iptables-restore < /opt/iptables.txt).
3. Use the iptables service:
Script location: /etc/init.d/iptables
Rule file location: /etc/sysconfig/iptables (this file does not exist by default)
A. Enable firewall rules automatically:
Use iptables-save to back up the iptables rules you have finished testing into the default rule file /etc/sysconfig/iptables; the iptables service then loads them from there.
Eg: save the current firewall rules (iptables-save > /etc/sysconfig/iptables) and have the rule set rebuilt from the saved content at each boot:
If firewall rules are already in place, the service's start action checks and clears the existing rules, unloads some modules and rebuilds the rule set (equivalent to restart), which may cause a transient interruption of network connections; it is therefore better to let this run automatically at boot than to trigger it by hand.
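Because the service loads /etc/sysconfig/iptables verbatim at boot, a half-written or unparsable rule file means the box comes up with no firewall. The script below is an added example, not part of the original article: it writes the dump to a temporary file in the same directory, checks it is non-empty and parses cleanly with iptables-restore --test (which parses without applying), and only then renames it into place. The variables IPTABLES_SAVE, IPTABLES_RESTORE and RULE_FILE are this example's own and exist so the tools can be replaced by stubs; against the real tools it must run as root.

```shell
# Added example: safe backup of the live rule set into the service's rule file.
# IPTABLES_SAVE / IPTABLES_RESTORE / RULE_FILE are overridable for testing
# (example's own variables, not options of the iptables tools).
: "${IPTABLES_SAVE:=iptables-save}"
: "${IPTABLES_RESTORE:=iptables-restore}"
: "${RULE_FILE:=/etc/sysconfig/iptables}"

# backup_rules [DEST]: dump -> temp file -> sanity checks -> atomic rename.
# Returns 0 on success; on any failure DEST is left exactly as it was.
backup_rules() {
    dest=${1:-$RULE_FILE}
    # temp file in the same directory so the final mv is an atomic rename
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # the rule file reveals the whole firewall policy: keep it root-only (0600)
    chmod 600 "$tmp"
    if ! "$IPTABLES_SAVE" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # an empty dump (e.g. netfilter modules not loaded) must never replace a good file
    if ! grep -q '^COMMIT$' "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # --test parses and builds the rule set without committing it to the kernel
    if ! "$IPTABLES_RESTORE" --test < "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"
}

# Typical use as root, after the rules have been tested on the live system:
#   backup_rules && /etc/init.d/iptables start
```

The parse check matters more than it looks: a rule that references a match module missing on the machine loads fine interactively but fails in iptables-restore, and with this check that failure surfaces at backup time instead of at the next reboot.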
B. Clear all firewall rules:
Stopping the iptables service (/etc/init.d/iptables stop) is the quickest way to clear all tables at once: