In this post we will learn how to back up and restore iptables on CentOS 7 and RHEL 7. The steps are the same as in previous CentOS/RHEL versions.
To back up and restore iptables, you should be logged in to the system as the root user.
Step 1: Take the iptables backup
iptables-save > iptables.bak
The iptables rules will be saved in a file called iptables.bak, as given in the command above. You can give the backup file any name.
Step 2: Restore iptables
iptables-restore < iptables.bak
This restores the iptables rules from the backup file iptables.bak, which was created in Step 1.
Given below is the step-by-step reference from my system. The command iptables -nL lists the iptables rules, and iptables -F flushes them.
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]#
[root@localhost ~]# iptables-save > iptables.bak
[root@localhost ~]#
[root@localhost ~]# cat iptables.bak
# Generated by iptables-save v1.4.21 on Sun Jul 27 06:38:43 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14313:864296]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jul 27 06:38:43 2014
[root@localhost ~]#
[root@localhost ~]# iptables -F
[root@localhost ~]#
[root@localhost ~]# iptables-restore < iptables.bak
[root@localhost ~]#
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]#
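An added example, not part of the original post: a wrapper around the two steps above that refuses to restore a truncated backup file and keeps a copy of the live rules before overwriting them. The function names (check_backup, count_rules, safe_restore, sample_backup) and the pre-restore file name are assumptions made for this example; the sample data is constructed from the session shown above.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-save dump before restoring it.

# check_backup FILE: succeed only if FILE is non-empty and every "*table"
# section is closed by COMMIT (a truncated dump fails this check).
check_backup() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { exit ((bad || in_table || tables == 0) ? 1 : 0) }
    ' "$1"
}

# count_rules FILE: number of "-A" rule lines in the dump.
count_rules() {
    grep -c '^-A ' "$1"
}

# safe_restore FILE (run as root): validate the dump, keep a copy of the
# live rules, then restore. --test parses the file without committing it.
safe_restore() {
    check_backup "$1" || { echo "refusing to restore $1" >&2; return 1; }
    iptables-restore --test < "$1" || return 1
    ( umask 077; iptables-save > "iptables.pre-restore.$(date +%Y%m%d%H%M%S)" ) || return 1
    iptables-restore < "$1"
}

# Constructed sample: the filter table from the session shown in this post.
sample_backup() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14313:864296]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on the constructed sample; needs no root and does not touch iptables.
demo=$(mktemp)
sample_backup > "$demo"
check_backup "$demo" && echo "sample OK: $(count_rules "$demo") rules"
rm -f "$demo"
```

On a real system, run safe_restore iptables.bak as root in place of the plain iptables-restore command from Step 2.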