Network
iptables-save
Save current IPv4 firewall rules for later restoration.
ipv4 firewall netfilter save rules
Additional Notes
iptables-save dumps the current IPv4 netfilter firewall rules to standard output in a format that can be read back by iptables-restore. It outputs all tables with their chain policies, rules, and optional packet/byte counters.
The output format consists of table headers (*filter, *nat, *mangle, *raw, *security), each with chain policy lines and rule lines, terminated by COMMIT. This format is used by firewall management tools, boot scripts, and packaging systems to persist iptables configurations across reboots.
Syntax
iptables-save [options]
Parameters
- options: Flags that change how iptables-save behaves.
- target: Optional file, device, interface, user, service, or command target when the command supports one.
Common Options
- -c, --counters: Include current packet and byte counters in the output.
- -t table, --table table: Save only the specified table.
- -M, --modprobe command: Use a specific modprobe command.
- -h, --help: Display help.
Examples
sudo iptables-save
Dump all current IPv4 rules to stdout.
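sudo sh -c 'iptables-save > /etc/iptables.rules'
Save the current firewall rules to a file. The redirection runs inside the root shell, so the write to /etc succeeds even when the calling user cannot write there.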
sudo iptables-save -t nat
Save only the NAT table rules.
sudo iptables-save -c | head -20
View the first 20 lines of the rules with counters.
Practical Notes
- Redirect the output to a file to create a backup of your current firewall configuration.
- The -c option includes byte and packet counts, which can be useful for traffic analysis.
- The output is machine-parseable and can be used in scripts to generate firewall reports.
- Restore saved rules with iptables-restore < file.
- On Debian/Ubuntu, iptables-persistent uses iptables-save and iptables-restore to save and load rules automatically.
- IPv6 rules must be saved separately using ip6tables-save.
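
The output format described above (table headers, chain policy lines, rule lines, COMMIT) is simple enough to parse for the kind of report script the notes mention. The following is an added example, not part of the original page or of the iptables project; the function names parse_save and findings and the sample ruleset are constructed for illustration.

```python
import re
import sys

# Constructed sample (`iptables-save -c` style); filter lacks COMMIT, as after a cut-off write.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [3:180]
[3:180] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [5:300]
:FORWARD ACCEPT [0:0]
[2:120] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

CHAIN_RE = re.compile(r":(\S+) (\S+)(?: \[\d+:\d+\])?")
RULE_RE = re.compile(r"(?:\[(\d+):(\d+)\] )?-A (\S+)(.*)")

def parse_save(text):
    """Map table name -> {'chains': {name: policy}, 'rules': [...], 'committed': bool}."""
    tables, cur = {}, None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"chains": {}, "rules": [], "committed": False})
        elif cur is None:
            raise ValueError(f"line {n}: {line!r} appears outside a table section")
        elif line == "COMMIT":
            cur["committed"], cur = True, None
        elif m := CHAIN_RE.fullmatch(line):
            cur["chains"][m[1]] = m[2]          # policy is "-" for user-defined chains
        elif m := RULE_RE.fullmatch(line):
            cur["rules"].append((m[3], m[4].strip(), int(m[1] or 0), int(m[2] or 0)))
        else:
            raise ValueError(f"line {n}: unrecognised line {line!r}")
    return tables

def findings(tables):
    """Review points: table sections without COMMIT, INPUT/FORWARD defaulting to ACCEPT."""
    out = [f"{name}: no COMMIT line, section is incomplete"
           for name, t in tables.items() if not t["committed"]]
    chains = tables.get("filter", {}).get("chains", {})
    out += [f"filter/{c}: default policy is ACCEPT"
            for c in ("INPUT", "FORWARD") if chains.get(c) == "ACCEPT"]
    return out

if __name__ == "__main__":  # usage: sudo iptables-save -c | python3 this_file.py
    print("\n".join(findings(parse_save(sys.stdin.read()))))
```

Running the same check against a saved file before relying on it as a backup catches a dump that was cut off partway through a table.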