Show all current rules:

[root@zaphod ~]# iptables -L -v

Chain INPUT (policy DROP 1490 packets, 286K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  169 1386K ACCEPT     all  --  lo     any     anywhere             anywhere            
 1425  114K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
    2   128 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh 
    4   256 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1252 packets, 1637K bytes)
 pkts bytes target     prot opt in     out     source               destination 

Dump the rules to standard out:

[root@zaphod ~]# iptables-save

# Generated by iptables-save v1.4.7 on Sat Jan 19 12:58:12 2013
*filter
:INPUT DROP [1645:320384]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1277:1647869]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
COMMIT
# Completed on Sat Jan 19 12:58:12 2013

To save your settings to a file (useful for importing on other systems if your rules are complex):

[root@zaphod ~]# iptables-save > iptables_backup.txt

The file is easy to import on a different server, or when you are testing:

[root@zaphod ~]# iptables-restore < iptables_backup.txt

And the important bit to remember for persistent firewall rules:

[root@zaphod ~]# service iptables save
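Before restoring a saved file on a machine you only reach over SSH, it is worth checking that the dump keeps the rules that let you back in. The following is an added example, not part of the original post: check_dump, sample_dump and the finding names are made up for illustration, and the sample is the iptables-save output shown above.

```shell
# Audit the *filter table of an iptables-save dump before restoring it.
# Prints space-separated findings; returns 0 only when there are none.
check_dump() {
    dump=$1 port=${2:-22}
    # Keep only "*filter" through its COMMIT line.
    filter=$(awk '/^\*filter$/ {t=1} t {print} t && /^COMMIT$/ {exit}' "$dump")
    findings=""
    # iptables-restore applies a table only when it ends in COMMIT.
    echo "$filter" | grep -q '^COMMIT$' || findings="$findings no-commit"
    policy=$(echo "$filter" | awk '/^:INPUT / {print $2}')
    [ "$policy" = "DROP" ] || findings="$findings input-not-default-drop"
    rules=$(echo "$filter" | grep -- '^-A INPUT .*-j ACCEPT' || true)
    # Without this rule, restoring over SSH locks you out of new sessions.
    echo "$rules" | grep -Eq -- "-p tcp .*--dport $port( |\$)" ||
        findings="$findings no-ssh-accept"
    # Without this rule, replies to outbound connections are dropped.
    echo "$rules" | grep -Eq -- '--(ct)?state [A-Z,]*ESTABLISHED' ||
        findings="$findings no-established-accept"
    echo "$rules" | grep -q -- '-i lo ' || findings="$findings no-loopback-accept"
    echo "${findings# }"
    [ -z "$findings" ]
}

# Sample input: the dump from this post, embedded so the example runs offline.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [1645:320384]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1277:1647869]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
sample_dump > "$tmp"
check_dump "$tmp" && echo "ok to restore"
rm -f "$tmp"
```

iptables-restore --test parses a file without committing it, which catches syntax errors but not a ruleset that would cut off your own session.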



Published

19 January 2013

Category

hacking
