User guide
2.6.2.6. Listing Options
The default list command, iptables -L [<chain-name>], provides a very basic overview of the
default filter table's current chains. Additional options provide more information:
• -v — Displays verbose output, such as the number of packets and bytes each chain has
processed, the number of packets and bytes each rule has matched, and which interfaces apply to a
particular rule.
• -x — Expands numbers into their exact values. On a busy system, the number of packets and
bytes processed by a particular chain or rule may be abbreviated to Kilobytes, Megabytes, or
Gigabytes. This option forces the full number to be displayed.
• -n — Displays IP addresses and port numbers in numeric format, rather than the default hostname
and network service format.
• --line-numbers — Lists rules in each chain next to their numeric order in the chain. This option
is useful when attempting to delete the specific rule in a chain or to locate where to insert a rule
within a chain.
• -t <table-name> — Specifies a table name. If omitted, defaults to the filter table.
2.6.3. Saving IPTables Rules
Rules created with the iptables command are stored in memory. If the system is restarted before
saving the iptables rule set, all rules are lost. For netfilter rules to persist through a system reboot,
they need to be saved. To save netfilter rules, type the following command as root:
/sbin/service iptables save
This executes the iptables init script, which runs the /sbin/iptables-save program and
writes the current iptables configuration to /etc/sysconfig/iptables. The existing
/etc/sysconfig/iptables file is saved as /etc/sysconfig/iptables.save.
The next time the system boots, the iptables init script reapplies the rules saved in
/etc/sysconfig/iptables by using the /sbin/iptables-restore command.
While it is always a good idea to test a new iptables rule before committing it to the
/etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another
system's version of this file. This provides a quick way to distribute sets of iptables rules to
multiple machines.
You can also save the iptables rules to a separate file for distribution, backup or other purposes. To
save your iptables rules, type the following command as root:
[root@myServer ~]# iptables-save > <filename>
where <filename> is a user-defined name for your ruleset.
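A ruleset file produced by iptables-save is plain text, so it can be checked before it is copied to /etc/sysconfig/iptables on other machines. The script below is an added example, not part of the guide or of the iptables project: it writes a small constructed ruleset in iptables-save format, verifies that every table block opened with "*name" is closed by COMMIT and contains only chain-policy and rule lines, counts the rules, and reports the INPUT chain's default policy. The function names and the sample ruleset are assumptions of this example; nothing here touches the live kernel rule set, so it runs without root.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check an iptables-save dump
# before distributing it. Pure POSIX sh + awk; never calls iptables itself.

write_sample_ruleset() {
    # $1: output path. Writes a small, constructed ruleset in the format
    # produced by iptables-save (comment, *table, :CHAIN POLICY [p:b], rules, COMMIT).
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample for this example)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

check_ruleset() {
    # $1: path to a file in iptables-save format.
    # Exit 0 when every "*table" block is closed by COMMIT and every
    # non-comment line is a table header, a chain policy (":"), a rule
    # ("-A"/"-I") or COMMIT; exit 1 on a truncated or malformed file.
    awk '
        /^#/ || /^[[:space:]]*$/ { next }          # comments and blank lines
        /^\*/        { if (open) bad++; open = 1; next }   # table header
        /^COMMIT$/   { if (!open) bad++; open = 0; next }  # table end
        /^:/ || /^-[AI] / { if (!open) bad++; next }       # policy or rule
        { bad++ }                                  # anything else is suspect
        END { if (open) bad++; exit (bad ? 1 : 0) }
    ' "$1"
}

count_rules() {
    # $1: path. Prints the number of -A/-I rule lines in the file.
    grep -c '^-[AI] ' "$1"
}

input_policy() {
    # $1: path. Prints the default policy of the INPUT chain.
    awk '/^:INPUT / { print $2; exit }' "$1"
}

# Stand-alone run: build the sample, check it, and show the summary.
if [ "${0##*/}" != "sh" ] && [ -z "$NO_MAIN" ]; then
    f=$(mktemp)
    write_sample_ruleset "$f"
    if check_ruleset "$f"; then
        echo "ruleset ok: $(count_rules "$f") rules, INPUT policy $(input_policy "$f")"
    else
        echo "ruleset malformed: $f" >&2
    fi
    rm -f "$f"
fi
```

On a host that has iptables installed, the same file can additionally be parsed by the real tool without loading it, using iptables-restore --test <filename>; the script above is only a structural check and does not validate individual match or target options.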
Important
If distributing the /etc/sysconfig/iptables file to other machines, type
/sbin/service iptables restart for the new rules to take effect.