Where are iptables's rulesets stored on Ubuntu 12.04?
iptables stores the rules in memory but the ruleset created by iptables-save ruleset-name can be found in the file
/var/lib/iptables/ruleset-name
These can be restored by invoking iptables-restore <ruleset-name>.
I can only confirm this for Ubuntu 12.04.03 LTS - maybe this location has changed in later versions of the iptables-package.
I think something like /etc/iptables/rulesets.d would have been a more logical place to store these.
The save-path is configured in /etc/init.d/iptables at line 27 and afterwards used by initd_save() which invokes initd_counters().
libdir=/var/lib/iptables
# ...
initd_counters () {
if test "${enable_save_counters:-false}" = true; then
echo -n " with counters"
$iptables_save -c > "$ruleset"
else
$iptables_save | sed '/^:/s@\[[0-9]\{1,\}:[0-9]\{1,\}\]@[0:0]@g' > "$ruleset"
fi
}
initd_save () {
rm -f $autosave
ruleset="${libdir}/$@"
echo -n "Saving iptables ruleset: save \"$@\""
initd_counters
echo "."
}
Related videos on Youtube
11 : 09
06 : 28
31 : 02
14 : 00
02 : 34 : 40
Nicolai Fröhlich
Updated on September 18, 2022Comments
-
Nicolai Fröhlich over 1 year
Ubuntu 12.04 LTS - iptables v1.4.12
TLDR:
Where are iptables's rulesets saved when invoking
iptables-save <ruleset-name>?Explanation:
According to this answer basic way of saving iptables's rules is invoking
iptables-save > /etc/iptables/rules.v4 ip6tables-save > /etc/iptables/rules.v6and afterwards loading/restoring these rules in
/etc/network/interfaceslike:iface eth0 inet static .... pre-up iptables-restore < /etc/iptables/rules.v4 pre-up ip6tables-restore < /etc/iptables/rules.v6... or putting these into a shell script in
/etc/network/if-pre-up.d.
This can be simplified by installing the
iptables-persistentpackage.sudo apt-get install iptables-persistent inovoke-rc.d iptables-persistent save update-rc.d iptables-persistent defaults
Following some tutorials i tried to invoke
service iptables status( a non-existant/unknown command for theiptablesversion/package that comes pre-installed with 12.04 ) and found this interesting output:Aborting iptables initd: unknown command(s): "status". ... save <ruleset> save the current ruleset load <ruleset> load a ruleset ... Saved rulesets: active, inactive ...There seem to be two rulesets i can load (
activeandinactive) ..... but where are these stored?
I can't find their location as active/inactive are pretty bad search terms and
dpkg-query -L iptablesdoesn't help either.As i'm provisioning my servers with
puppet/chefit would be nice to know wether there is some place i can put my rulesets and add a simple shell script to/etc/networking/if-pre-upto load these.Then i could ommit the
iptables-persistentpackage which ain't that flexible as it doesn't allow loading different rulesets.Thanks for your help.
-
Rondo about 10 years#cat /etc/os-release NAME="Ubuntu" VERSION="12.04.4 LTS, Precise Pangolin" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu precise (12.04.4 LTS)" VERSION_ID="12.04" # iptables-save ruleset.1 Unknown arguments found on commandline This does not appear to work
-
unc0nnected about 7 yearssame issue here
