Storing iptables Information


Rules created with the iptables command are stored in RAM only, so they are lost if you restart the system after setting them up. For netfilter rules to persist across a reboot, you need to save them to the /etc/sysconfig/iptables file.

To do this, type the /sbin/service iptables save command as the root user. This causes the iptables init script to run the /sbin/iptables-save program and write the current iptables configuration to the /etc/sysconfig/iptables file. This file should be readable by root only, so that your packet filtering rules are not viewable by average users. The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

While it is always a good idea to test a new iptables rule before committing it to the /etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another system’s version of this file. This allows you to quickly distribute sets of iptables rules to many different machines.

Note

If you distribute the /etc/sysconfig/iptables file to other machines, you must type /sbin/service iptables restart for the new rules to take effect.
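The following pre-install check for a rules file copied from another machine is an added example, not part of the guide. It verifies the root-only permission requirement and the overall layout that iptables-save writes; the function name, return codes and optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes GNU stat, as on Red Hat Linux.
# check_rules_file FILE [OWNER_UID]   OWNER_UID defaults to 0 (root)
# Returns 0 if FILE is fit to install as /etc/sysconfig/iptables, else:
#   1 = not a regular file, 2 = wrong owner, 3 = group/other can access it,
#   4 = not well-formed iptables-save output.
check_rules_file() {
    file=$1
    want_uid=${2:-0}

    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 1; }

    uid=$(stat -c %u "$file") || return 1    # numeric owner
    mode=$(stat -c %a "$file") || return 1   # octal permission bits

    [ "$uid" = "$want_uid" ] || {
        echo "$file: owner uid $uid, expected $want_uid" >&2; return 2; }

    # "Readable by root only": no group or other bits may be set.
    case $mode in
        0|*00) ;;
        *) echo "$file: mode $mode is visible to non-owners" >&2; return 3 ;;
    esac

    # iptables-save layout: "*table", ":CHAIN POLICY [pkts:bytes]",
    # rule lines ("-A ..." or "[pkts:bytes] -A ..."), then "COMMIT".
    awk '
        /^#/ || /^[ \t]*$/       { next }   # comments and blank lines
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^-/ || /^\[/    { if (!in_table) bad = 1; next }
        { bad = 1 }                         # anything else is unexpected
        END { exit ((bad || in_table || tables == 0) ? 1 : 0) }
    ' "$file" || { echo "$file: malformed rules file" >&2; return 4; }

    return 0
}
```

Run it on the receiving machine before /sbin/service iptables restart. Where the installed iptables-restore supports --test, that option adds a full parse of the rule syntax without committing anything.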




Official Red Hat Linux Administrator's Guide
ISBN: 0764516957
EAN: 2147483647
Year: 2002
Pages: 278
Authors: Red Hat Inc
