18.4. Saving iptables Rules
Rules created with the
iptables
command are stored in memory. If the system is restarted before saving the iptables
rule set, all rules are lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:
/sbin/service iptables save
This executes the
iptables
initscript, which runs the /sbin/iptables-save
program and writes the current iptables
configuration to /etc/sysconfig/iptables
. The existing /etc/sysconfig/iptables
file is saved as /etc/sysconfig/iptables.save
.
The next time the system boots, the
iptables
init script reapplies the rules saved in /etc/sysconfig/iptables
by using the /sbin/iptables-restore
command.
While it is always a good idea to test a new
iptables
rule before committing it to the /etc/sysconfig/iptables
file, it is possible to copy iptables
rules into this file from another system's version of this file. This provides a quick way to distribute sets of iptables
rules to multiple machines.
Important
If distributing the
/etc/sysconfig/iptables
file to other machines, type /sbin/service iptables restart
for the new rules to take effect.