Network
ip6tables-save
Save current IPv6 firewall rules for later restoration.
ipv6firewallnetfiltersaverules
Additional Notes
ip6tables-save dumps the current IPv6 netfilter rules to standard output in a format that can be read back by ip6tables-restore. It outputs rules for all tables with counters and policy information.
The saved output is a structured text format that includes table headers (*filter, *nat, etc.), chain default policies (:INPUT ACCEPT [0:0]), individual rules with their full specifications, and COMMIT markers. This format is the standard way to persistently store and distribute ip6tables configurations.
Syntax
ip6tables-save [options]
Parameters
options: Flags that change howip6tables-savebehaves.target: Optional file, device, interface, user, service, or command target when the command supports one.
Common Options
-c,--counters: Include the current packet and byte counters in the output.-t table,--table table: Save only the specified table instead of all tables.-M,--modprobe command: Use a specific modprobe command for loading kernel modules.-h,--help: Display help.
Examples
sudo ip6tables-save
Dump all current IPv6 rules to stdout.
sudo ip6tables-save > /etc/ip6tables.rules
Save the current IPv6 firewall rules to a file.
sudo ip6tables-save -t filter
Save only the filter table rules.
sudo ip6tables-save -c | less
View the current rules with packet and byte counters.
Practical Notes
- Use
ip6tables-save > fileto create a backup before making changes. - Rules saved with
-cinclude counter data that help with debugging traffic patterns. - The output of
ip6tables-saveis designed to be machine-readable; useip6tables -L -vfor human-readable output. - Combine with
ip6tables-restorein init scripts to make firewall rules persistent. - On Debian/Ubuntu, the
iptables-persistentpackage automates saving and restoring for bothiptablesandip6tables. - IPv4 rules must be saved separately using
iptables-save.