ip6tables-restore
Restore IPv6 firewall rules from a saved rule set.
Additional Notes
ip6tables-restore loads and applies IPv6 firewall rules from a file or standard input. The input must be in the format produced by ip6tables-save. It is commonly used in system boot scripts and network service restarts to apply saved ip6tables configurations.
The command reads rules for all tables (filter, nat, mangle, raw, security), flushes existing rules, and sets the default policies and rules exactly as specified in the input file. This is faster than running individual ip6tables commands for a complex rule set.
Syntax
ip6tables-restore [options] [file]
Parameters
file: A file containing rules in ip6tables-save format. If omitted, reads from standard input.
Common Options
-c, --counters: Restore the packet and byte counters along with the rules.
-n, --noflush: Do not flush the existing table contents before restoring. New rules are appended to existing ones.
-t, --test: Test the rule set without actually loading it. Check for syntax errors.
-T table, --table table: Restore only the specified table.
-h, --help: Display help.
Examples
sudo ip6tables-restore < /etc/ip6tables.rules
Restore IPv6 firewall rules from a saved rules file.
cat /etc/ip6tables.rules | sudo ip6tables-restore
Same as above, using a pipe to read from standard input.
sudo ip6tables-restore -c /etc/ip6tables.rules
Restore rules and the associated packet/byte counters.
sudo ip6tables-restore -n < /etc/ip6tables.rules
Append the saved rules to the existing rule set without flushing.
Practical Notes
- The input file format starts with *table-name, followed by chain policies and rules, and ends with COMMIT.
- Use ip6tables-save to generate a compatible rules file.
- The command flushes all existing ip6tables rules by default. Use -n to preserve existing rules.
- On many distributions, ip6tables-restore is called from systemd service files or init scripts at boot time.
- Always test a rules file with -t before applying it to a production system.
- The ip6tables-restore command only affects IPv6 rules. IPv4 rules must be managed separately with iptables-restore.
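
The script below is an added example, not part of the original page or of the iptables project. It combines the notes above: an offline check of the *table ... COMMIT structure, then a -t dry run, a snapshot with ip6tables-save, and a rollback if the load fails. The function names sample_rules, lint_rules and safe_apply and the sample rule set are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in ip6tables-save format (not from the page).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
EOF
}

# lint_rules FILE: offline structure check. Each *table must end with COMMIT,
# and policy/rule lines must sit inside a table. Returns 0 when well-formed.
lint_rules() {
    awk '
        /^#/ || /^[ \t]*$/ { next }
        /^\*/ { if (in_table) { print "line " NR ": table opened before COMMIT"; bad = 1 }
                in_table = 1; tables++; next }
        $0 == "COMMIT" { if (!in_table) { print "line " NR ": stray COMMIT"; bad = 1 }
                         in_table = 0; next }
        /^:/ || /^(\[[0-9]+:[0-9]+\] )?-/ {
            if (!in_table) { print "line " NR ": rule outside a table"; bad = 1 }
            next }
        { print "line " NR ": unrecognised line"; bad = 1 }
        END { if (in_table) { print "last table has no COMMIT"; bad = 1 }
              if (!tables)  { print "no *table section found"; bad = 1 }
              exit bad + 0 }
    ' "$1" >&2
}

# safe_apply FILE (hypothetical helper, needs root): lint, dry-run with -t,
# snapshot the live rules with ip6tables-save, load, and roll back on failure.
safe_apply() {
    lint_rules "$1" || return 1
    ip6tables-restore -t < "$1" || return 1
    backup=$(mktemp) || return 1
    ip6tables-save > "$backup" || return 1
    if ! ip6tables-restore < "$1"; then
        ip6tables-restore < "$backup"   # put the previous rule set back
        return 1
    fi
}
```

Run safe_apply as root with the path of the rules file; lint_rules alone needs no privileges and can run in CI against a rules file kept in version control.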