June 18

Linux: Importing and exporting iptable rules

iptables rules can be easily import and export

iptables rules can be insert by command iptables itself.

iptables -A INPUT -p udp –dport 222 -j ACCEPT

The above line append (-A) a rule in table INPUT, which indicate to ACCEPT packets come from anyplace with protocol udp and destination port 222. Iptables capable to do a lots more. To master it, you may consider to search for a book.

To easily setup firewalls for those distro who do not have one, i have a trick. Search for the distro which have default iptables rules, copy out the rules and store into a file, like this.

iptables-save > iptables.conf

The rules will be copy out and looks like this

# Generated by iptables-save v1.3.3 on Sun Sep 24 11:23:35 2006
:OUTPUT ACCEPT [35:1959]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
# Completed on Sun Sep 24 11:23:35 2006

Then you can copy this file and restore at the machine you would like to have the same firewall rules.

iptables-restore < iptables.conf

To list all the rules binds on the machine, simply do this

iptables -L

To flush all iptables rules, means you clear off all rules and remains nothing, do this

iptables -F

By: mysurface

Copyright 2021. All rights reserved.

Posted June 18, 2013 by Timothy Conrad in category "Linux

About the Author

If I were to describe myself with one word it would be, creative. I am interested in almost everything which keeps me rather busy. Here you will find some of my technical musings. Securely email me using - PGP: 4CB8 91EB 0C0A A530 3BE9 6D76 B076 96F1 6135 0A1B