Network
iptables-restore
Restore IPv4 firewall rules from a saved rule set.
Additional Notes
iptables-restore loads and applies IPv4 firewall rules from a file or standard input in the format produced by iptables-save. It is the standard way to apply a complete set of iptables rules atomically.
The command reads rules for all tables, flushes existing rules (unless --noflush is used), and populates the tables exactly as specified. It is significantly faster than executing individual iptables commands for complex configurations and is the standard method for loading firewall rules at boot time.
Syntax
iptables-restore [options] [file]
Parameters
file: A file containing rules in iptables-save format. If omitted, reads from standard input.
Common Options
-c, --counters: Restore packet and byte counters along with the rules.
-n, --noflush: Do not flush existing rules before loading. Append new rules to existing ones.
-t, --test: Test the rule set for syntax errors without loading.
-T table, --table table: Restore only the specified table.
-h, --help: Display help.
Examples
sudo iptables-restore < /etc/iptables.rules
Restore IPv4 firewall rules from a saved file.
sudo iptables-restore -c /etc/iptables.rules
Restore rules with packet and byte counters.
sudo iptables-restore -n < /etc/iptables.rules
Append saved rules to the current rule set without flushing.
sudo iptables-restore -t /etc/iptables.rules
Test the syntax of a rules file without applying it.
Practical Notes
- The input format is: *table-name, then chain lines (:CHAIN POLICY [packets:bytes]), then rule lines, and COMMIT.
- Always test new rule files with -t on a non-production system before deployment.
- The -n flag is useful for adding rules to a running system without interrupting existing traffic flows.
- On many distributions, iptables-restore is called from systemd units or network init scripts to load firewall rules at boot.
- Use iptables-save to create the rules file to be restored.
- iptables-restore only affects IPv4 rules. Use ip6tables-restore for IPv6.
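The following is an added example, not part of iptables or of the original page: a structural pre-check for the input format described in the notes above, which runs without root and before the -t test. The function names lint_rules and sample_rules, the restriction of rule lines to -A and -I, and the sample rule set are assumptions made for illustration.

```shell
# Added example: names and the sample rule set are constructed for illustration.
# lint_rules FILE: print findings; return 0 if the structure is sound, 1 otherwise.
# Assumption: rule lines start with -A (as iptables-save writes them) or -I.
lint_rules() {
  awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^\*/ {                                      # *table-name opens a block
      if (table != "") bad("table " table " not closed by COMMIT")
      table = substr($0, 2); split("", chains); next
    }
    table == "" { bad("content outside a *table block: " $0); next }
    /^:/ {                                       # :CHAIN POLICY [packets:bytes]
      if ($0 !~ /^:[^ ]+ (ACCEPT|DROP|-) \[[0-9]+:[0-9]+\]$/)
        bad("malformed chain line: " $0)
      chains[substr($1, 2)] = 1; next
    }
    $0 == "COMMIT" { table = ""; next }          # closes the current table
    {                                            # rule line; -c adds a [pkts:bytes] prefix
      i = ($1 ~ /^\[[0-9]+:[0-9]+\]$/) ? 2 : 1
      if ($i != "-A" && $i != "-I") bad("unexpected line: " $0)
      else if (!($(i + 1) in chains)) bad("rule uses undeclared chain " $(i + 1))
    }
    END {
      if (table != "") { printf "EOF: table %s has no COMMIT\n", table; errs++ }
      exit (errs > 0)
    }
  ' "$1"
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
  cat <<'EOF'
# constructed example rule set
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

A file that passes this check still needs the -t test, since the lint looks only at the block structure and not at match or target syntax.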