Example of saving iptables firewall rules in Ubuntu

Last Update:2017-01-13 Source: Internet

Author: User

Tags prepare iptables

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

How to save iptables rules under buntu and automatically load them upon startup:

Saving iptables save settings

After the machine is restarted, the configuration information in iptables is cleared. You can save these configurations so that iptables is automatically loaded at startup, saving you the need to re-input each time. Iptables-save and iptables-restore are used to save and restore settings.

Configuration onstartup automatically loads Configuration upon startup

First, save the firewall rules to the/etc/iptables. up. rules file.

# Iptables-save>/etc/iptables. up. rules # run the sudo su-root command after switching to the user.

Then modify the/etc/network/interfacesscript to apply the rulesautomatically (the bottom line is added)

Then modify the script/etc/network/interfaces so that the system can automatically apply these rules (the last line is manually added ).

Auto eth0

Iface eth0 inet dhcp

Pre-up iptables-restore </etc/iptables. up. rules

When the network interface is disabled, you can have iptables use a set of different rule sets.

Auto eth0

Iface eth0 inet dhcp

Pre-up iptables-restore </etc/iptables. up. rules

Post-down iptables-restore </etc/iptables. down. rules

Tips skills

If you frequently edit iptables manually

Most people do not need to change their firewall rules frequently. Therefore, they only need to establish firewall rules according to the previous introduction. However, if you need to modify the firewall rules frequently to improve the firewall, you may want the system to save the firewall settings before each restart. Therefore, you can add a line in the/etc/network/interfaces file:

Pre-up iptables-restore </etc/iptables. up. rules

Post-down iptables-save>/etc/iptables. up. rules

The line "post-down iptables-save>/etc/iptables. up. rules" will save the rules to be used on the next boot.

"Post-down iptables-save>/etc/iptables. up. rules" will save the settings for use at next startup.

Usingiptables-save/restore to test rules using iptables-save/restore

You can use iptables-save and iptables-restore to conveniently modify and test firewall rules. Run iptables-save to save the rule to a file, and then edit the file in the editor.

# Iptables-save>/etc/iptables. test. rules

# Gedit/etc/iptables. test. rules

If you create a firewall rule based on the preceding example, iptables-save will generate a file similar to the following:

# Generated by iptables-save v1.3.1 on Sun Apr 2306: 19: 53 2006

* Filter

: Input accept [368: 102354]

: Forward accept [0: 0]

: Output accept [92952: 20764374]

-A input-m state -- state RELATED, ESTABLISHED-j ACCEPT

-A input-I eth0-p tcp-m tcp -- dport 22-j ACCEPT

-A input-I eth0-p tcp-m tcp -- dport 80-j ACCEPT

-A input-I lo-j ACCEPT

-A input-m limit -- limit 5/min-j LOG -- log-prefix "iptables denied:" -- log-level 7

-A input-j Drop

COMMIT

# Completed on Sun Apr 23 06:19:53 2006

The file content is actually a variety of iptables commands, but the command name iptables is omitted. You can edit the file and save it as needed. Run the following command to test the modified rule:

# Iptables-restore </etc/iptables. test. rules

If you have not added the iptables-save command to the/etc/network/interfaces file before, do not forget to save your modifications after the test.

# Iptables-save>/etc/iptables. up. rules

Supplement: backup and recovery of iptables firewall rules

First, save the iptables rule to a file.

# Sudo iptables-save>/etc/iptables. up. rules

Then, modify the/etc/network/interfaces script to automatically apply these rules (the last line is added)

Sudo echo "pre-up iptables-restore </etc/iptables. up. rules">/etc/network/interfaces

You can also prepare a set of rules to apply them automatically:

First, save the iptables rule to a file.

# Sudo iptables-save>/etc/iptables. up. rules
Then, modify the/etc/network/interfaces script to automatically apply these rules (the last line is added)

Sudo echo "pre-up iptables-restore </etc/iptables. up. rules">/etc/network/interfaces
You can also prepare a set of rules to apply them automatically:

Sudo echo "pre-up iptables-restore </etc/iptables. up. rules">/etc/network/interfaces
Sudo echo "post-down iptables-restore </etc/iptables. down. rules">/etc/network/interfaces

The above method has been tested in Ubuntu 12.04 and takes effect.

Sudo echo "pre-up iptables-restore </etc/iptables. up. rules">/etc/network/interfaces
Sudo echo "post-down iptables-restore </etc/iptables. down. rules">/etc/network/interfaces
The above method has been tested in Ubuntu 12.04 and takes effect.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More