30

My system admin gave me a file with iptables rules. What command do I type in to load this?

I watched him do it before, and he did it in 1 line! Something like...iptables > thefile.dat ????

Alex
  • 8,591

3 Answers3

46

My system admin gave me a file with iptables rules. What command do I type in to load this?

iptables-restore < file-with-iptables-rules.txt

I watched him do it before, and he did it in 1 line! Something like...iptables > thefile.dat ????

iptables-save > file-with-iptables-rules.txt
Avery Payne
  • 14,664
  • Is it possible to import from a URL?

    eg:

    iptables-restore < http://git.company.com/Company/iptables-rules/blob/master/iptables-rules.txt

     – Jay Jun 06 '17 at 23:29
  • I believe the iptables-restore command functions local to the filesystem; however, nothing stops you from piping a data stream into it via curl or wget. So in theory, instead of just specifying a URL, you would fetch the contents of the file and pipe that to the command. – Avery Payne Jun 07 '17 at 21:07
  • Thanks @avery-payne Can you demonstrate what that might look like? – Jay Jun 08 '17 at 18:07
  • 1
    @Jay Probably something similar to curl -s SOME_URL | iptables-restore. – samthecodingman Jun 13 '17 at 08:02
  • If you want to do this with sudo you'll also need to use tee: sudo iptables-save | sudo tee /etc/iptables/rules.txt sudo iptables-restore /etc/iptables/rules.txt – jorfus Aug 17 '17 at 16:49
  • @jorfus All tee does is write to both stdout and a file at the same time. You certainly don't need to use it. – Eric Haynes Jul 03 '18 at 02:06
  • My point is that the answer will only work if you run it as root (you probably want to save your firewall rules in /etc/ since you don't want just anyone mucking around with your rules). So the following will fail: sudo iptables-save > /etc/iptables-rules.txt (I leave it as an exercise for the reader to explore why). You can either become root first (fine, but that's not great security hygiene) or do it in one command with sudo. If you want to do that you can use the form: echo something | sudo tee filename.txt That pattern is a good thing to know. – jorfus Jul 03 '18 at 16:28
  • If you do the update over ssh, you probably want iptables-apply instead. It safeguards you from accidental lock-out. – jchook Sep 04 '19 at 21:32
9

You load an iptables configuration file using iptables-restore

iptables-restore thefile.dat

This has effect immediately. However for this settings to be persistent over system reboot they must be saved. On most distributions this can be done with.

/etc/init.d/iptables save

As mentioned in other answers the configuration can be saved using

iptables-save > thesavefile.dat

The file itself is a text file and can be edited with any texteditor and then reloaded into iptables using the iptables-restore command.

hultqvist
  • 781
3

To import an iptables script into your ruleset

iptables-restore < /path/to/firewall_script
JS.
  • 3,901