Examples of saving iptables firewall rules in Ubuntu

Last Update:2017-02-28 Source: Internet

Author: User

Tags prepare iptables firewall

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Buntu to save the iptables rule and load the boot automatically:

Saving iptables Save Settings

After the machine restarts, the configuration information in the iptables will be emptied. You can save these configurations and allow Iptables to load automatically at startup, saving you from having to re-enter them each time. Iptables-save and Iptables-restore are used to save and restore settings.

Configuration onstartup boot Auto load configuration

First save the firewall rules to the/etc/iptables.up.rules file

# iptables-save >/etc/iptables.up.rules #需要sudo su-root Switch User after execution, direct sudo cmd is no good

Then Modify The/etc/network/interfacesscript to apply the rulesautomatically (the bottom line is added)

Then modify the script/etc/network/interfaces so that the system can apply these rules automatically (the last line is manually added).

Auto Eth0

Iface eth0 inet DHCP

Pre-up Iptables-restore </etc/iptables.up.rules

When the network interface is closed, you can let iptables use a different set of rules.

Auto Eth0

Iface eth0 inet DHCP

Pre-up Iptables-restore </etc/iptables.up.rules

Post-down Iptables-restore </etc/iptables.down.rules

Tips Tips

If you frequently edit iptables manually

Most people don't need to constantly change their firewall rules, so just set up the firewall rules based on the previous introduction. But if you are constantly modifying the firewall rules to make them more complete, you may want the system to save the firewall settings before each reboot. To do this you can add a row to the/etc/network/interfaces file:

Pre-up Iptables-restore </etc/iptables.up.rules

Post-down iptables-save >/etc/iptables.up.rules

The line "Post-down iptables-save >/etc/iptables.up.rules" would save the rules to being used on the next boot.

The Post-down iptables-save >/etc/iptables.up.rules will save the settings for use the next time you start.

Usingiptables-save/restore to test rules using iptables-save/restore test rule

The firewall rules can be easily modified and tested using Iptables-save and Iptables-restore. Run Iptables-save first to save the rule to a file, and then edit the file with the editor.

# Iptables-save >/etc/iptables.test.rules

# Gedit/etc/iptables.test.rules

If you set up a firewall rule based on the previous example, Iptables-save will produce a file similar to the following:

# generated by Iptables-save v1.3.1 on Sun Apr 2306:19:53 2006

*filter

: INPUT ACCEPT [368:102,354]

: FORWARD ACCEPT [0:0]

: OUTPUT ACCEPT [92,952:20,764,374]

-A input-m state--state related,established-j ACCEPT

-A input-i eth0-p tcp-m tcp--dport 22-j ACCEPT

-A input-i eth0-p tcp-m tcp--dport 80-j ACCEPT

-A input-i lo-j ACCEPT

-A input-m limit--limit 5/min-j LOG--log-prefix "iptables denied:"--log-level 7

-A input-j Drop

COMMIT

# Completed on Sun Apr 23 06:19:53 2006

The contents of the file is actually a variety of iptables commands, but the command name Iptables omitted. You can edit the file at will, and then save it. Then test the modified rule with the following command:

# Iptables-restore </etc/iptables.test.rules

Before you add the Iptables-save command to the/etc/network/interfaces file, don't forget to save your changes after the test.

# Iptables-save >/etc/iptables.up.rules

Supplemental: Backup and recovery of Iptables firewall rules

First, save the iptables rule to a file

# sudo iptables-save >/etc/iptables.up.rules

Then, modify the/etc/network/interfaces script to apply these rules automatically (the last line is added)

sudo echo "pre-up Iptables-restore </etc/iptables.up.rules" >>/etc/network/interfaces

You can also prepare a set of rules to apply it automatically:

First, save the iptables rule to a file

# sudo iptables-save >/etc/iptables.up.rules
Then, modify the/etc/network/interfaces script to apply these rules automatically (the last line is added)

sudo echo "pre-up Iptables-restore </etc/iptables.up.rules" >>/etc/network/interfaces
You can also prepare a set of rules to apply it automatically:

sudo echo "pre-up Iptables-restore </etc/iptables.up.rules" >>/etc/network/interfaces
sudo echo "Post-down Iptables-restore </etc/iptables.down.rules" >>/etc/network/interfaces

The above method has been tested in Ubuntu 12.04 and is in effect.

sudo echo "pre-up Iptables-restore </etc/iptables.up.rules" >>/etc/network/interfaces
sudo Echo "Post-down Iptables-restore </etc/iptables.down.rules" >>/etc/network/interfaces
above methods in Ubuntu 12.04 has been tested and effective.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More