iptables rules can be easily imported and exported

September 24th, 2006, by mysurface. Posted in Admin, iptables, iptables-restore, iptables-save, Misc

Some distros ship with a default set of iptables rules, for example RH-based Linux, but others, such as Ubuntu, don't include any.

iptables rules can be inserted with the iptables command itself.

iptables -A INPUT -p udp --dport 222 -j ACCEPT

The above line appends (-A) a rule to the INPUT chain, which tells the firewall to ACCEPT packets arriving from anywhere with protocol UDP and destination port 222. iptables is capable of a lot more; to master it, you may want to look for a book.

To easily set up a firewall on a distro that doesn't ship one, I have a trick. Find a distro that has default iptables rules, copy the rules out, and store them in a file, like this:

iptables-save > iptables.conf

The rules are written out and look like this:

# Generated by iptables-save v1.3.3 on Sun Sep 24 11:23:35 2006
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:1959]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Sep 24 11:23:35 2006

Then you can copy this file to the machine you want to have the same firewall rules and restore it there.

iptables-restore < iptables.conf
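Before restoring a ruleset copied from another machine it is worth knowing what it actually admits. The following Python is an added example, not code from the original post: it parses the iptables-save format shown above and reports the accepted destination ports plus what happens to a packet that matches no rule in each built-in chain (following the jump into the RH-Firewall-1-INPUT chain); the sample ruleset is the post's own output, trimmed to a few rules.

```python
import shlex
# Ruleset taken from the iptables-save output in the post above, trimmed to a few rules.
SAVED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:1959]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {chain: p}, "rules": {chain: [argv]}}}."""
    tables, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):                # "*filter" opens a table block
            table = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):              # ":CHAIN POLICY [pkts:bytes]"; "-" = user chain
            chain, policy, _ = line[1:].split()
            table["policy"][chain] = policy
            table["rules"].setdefault(chain, [])
        elif line.startswith("-A"):             # "-A CHAIN options..." -> keep the options
            argv = shlex.split(line)
            table["rules"].setdefault(argv[1], []).append(argv[2:])
    return tables

def option(argv, name):
    return argv[argv.index(name) + 1] if name in argv else None  # value after `name`, or None

def default_verdict(table, chain):
    """Fate of a packet matching no specific rule, following jumps into user chains."""
    for argv in table["rules"][chain]:
        if any(t.startswith("-") and t not in ("-j", "--reject-with") for t in argv):
            continue                            # rule has match criteria, so not a catch-all
        target = option(argv, "-j")
        if target not in table["rules"]:
            return target                       # terminal target: ACCEPT / DROP / REJECT
        if (v := default_verdict(table, target)) != "RETURN":
            return v
    policy = table["policy"][chain]
    return "RETURN" if policy == "-" else policy

def audit(text):
    """Accepted destination ports plus the default fate of traffic in each built-in chain."""
    filt = parse_save(text)["filter"]
    ports = {(option(a, "-p"), int(option(a, "--dport"))) for rs in filt["rules"].values()
             for a in rs if option(a, "-j") == "ACCEPT" and option(a, "--dport")}
    return {"accepted_ports": sorted(ports),
            "defaults": {c: default_verdict(filt, c) for c in ("INPUT", "FORWARD", "OUTPUT")}}
```

On the post's ruleset this shows that INPUT ends in REJECT via the RH-Firewall-1-INPUT chain, while FORWARD has no rules at all and so falls through to its ACCEPT policy, which is exactly the kind of thing to check before trusting a copied file.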

To list all the rules loaded on the machine, simply do this:

iptables -L

To flush all iptables rules, meaning you clear off every rule so that nothing remains, do this:

iptables -F

To have the rules loaded automatically when the machine starts up, you can write a script and store it in /etc/init.d. Check out this:

Firewall under ubuntu dapper
