
Introduction
Migrating iptables firewall rules between servers is a common task when transferring configurations. This tutorial demonstrates how to export and import iptables rules to ensure a seamless transition of firewall settings from one server to another.
Exporting Iptables Rules
First, check your current iptables rules with:
iptables -S
This command lists the current rules, which might look something like this:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
To export these rules, use the iptables-save
command:
iptables-save > iptables-export
This will create a file named iptables-export
containing your current rules.
Importing Iptables Rules
Transfer the iptables-export
file to the new server. You can use methods like FTP or SCP. For example, using SCP:
scp iptables-export user@server_ip_address:/tmp
Here, replace user
with your server username (e.g., root
), server_ip_address
with the destination server's IP address, and /tmp
with the directory where you want to place the file.
Once the file is on the new server, load the rules with:
iptables-restore < /tmp/iptables-export
Verify that the rules are correctly imported by running:
iptables -S
Saving Rules
To ensure that the iptables rules persist after a reboot, install iptables-persistent
:
apt-get install iptables-persistent
After making changes to your firewall rules, save them with:
invoke-rc.d iptables-persistent save
Conclusion
You have successfully migrated your iptables rules to a new server. By exporting, transferring, and importing the rules, and configuring them to persist across reboots, your firewall settings are now replicated on your new server.