iptables-save command in Linux with examples
A firewall views the transfer of information from a remote computer to your local computer, and vice versa, as a transfer of data packets. The firewall controls both incoming and outgoing data packets. iptables is a utility for creating a rule-based firewall and comes pre-installed on most Linux computers. The iptables command talks to the kernel and helps to control the data packets that use IPv4 as the packet-switching protocol. Since the firewall works at the kernel level, root privilege is required to use the iptables command. By default, the firewall runs without any rules. The example below shows how to list the rules.
iptables -L -n -v
This example shows how to block all connections in the INPUT chain from the IP address 10.10.10.10.
iptables -A INPUT -s 10.10.10.10 -j DROP
Whenever the computer is rebooted or restarted, the iptables service and the existing rules are flushed or reset. Hence, the above rule is discarded if the computer is restarted. To keep such customized rules from being lost, the iptables-save command is used. It saves the rules automatically; they can also be stored manually in a user-specified file and reused later.
Now, even if the computer is restarted, the rules that you saved will be loaded automatically.
If the rules are not needed once the computer is restarted or if the purpose is to flush all the rules once the system is rebooted, iptables-save is of no use.
As discussed earlier, the iptables-save command can save the current iptables rules in a user-specified file, which can be used later whenever the user wants. The following example saves the rules in /etc/iptablesRule.v4.
iptables-save > /etc/iptablesRule.v4
After the computer is restarted, the following example reloads the rules from the saved file.
iptables-restore < /etc/iptablesRule.v4
The syntax of the command and the meaning of its options are as follows.
iptables-save [-c] [-t table]
The -c argument tells iptables-save to keep the byte and packet counter values when the rules are saved. The counts can then resume from where they stood when the rules were previously established, which is useful for maintaining continuity. The default is, of course, to not keep the counters intact when issuing this command.
The -t argument tells the iptables-save command which table, with its specific rules and chains, to save. By default, all the tables are saved.
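A saved file such as /etc/iptablesRule.v4 only protects the host if it still matches the rules that are meant to be loaded. The following is an added example, not part of the original article: it compares two iptables-save dumps while ignoring comment lines and the [packets:bytes] counters that -c records. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Drop comment lines and [packets:bytes] counters so that only tables,
# chains, policies and rules remain.
normalize_rules() {
    sed -E -e '/^#/d' \
        -e 's/^\[[0-9]+:[0-9]+\] //' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1/' "$1"
}

# Return 0 when both dumps hold the same rules; print a diff and return 1 otherwise.
rules_drift() {
    _a=$(mktemp) _b=$(mktemp)
    normalize_rules "$1" > "$_a"
    normalize_rules "$2" > "$_b"
    diff -u "$_a" "$_b" && _rc=0 || _rc=$?
    rm -f "$_a" "$_b"
    return "$_rc"
}

# Constructed sample dumps (not captured from a real host). On a real system,
# as root:  iptables-save > /tmp/current
#           rules_drift /etc/iptablesRule.v4 /tmp/current
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/saved.v4" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.10.10.10/32 -j DROP
COMMIT
EOF
cat > "$SAMPLES/same_with_counters" <<'EOF'
# Generated by iptables-save -c (constructed sample)
*filter
:INPUT ACCEPT [120:9600]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:6400]
[5:300] -A INPUT -s 10.10.10.10/32 -j DROP
COMMIT
EOF
# Same as the saved file, but with the DROP rule missing.
sed '/10\.10\.10\.10/d' "$SAMPLES/saved.v4" > "$SAMPLES/rule_missing"

rules_drift "$SAMPLES/saved.v4" "$SAMPLES/same_with_counters" && echo "no drift"
rules_drift "$SAMPLES/saved.v4" "$SAMPLES/rule_missing" || echo "drift detected"
```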