Let's say you have used the iptables-save command to save your current iptables rules to the /etc/sysconfig/iptables file, like this.
iptables-save > /etc/sysconfig/iptables
The /etc/sysconfig/iptables file will now have something like this.
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Sep 21 04:55:18 2020
Now let's say you add a rule to iptables. In this example, a rule is added to allow HTTP on port 80.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Now, when you list the iptables rules, the rule to allow HTTP on port 80 will be listed.
iptables -L -v
. . .
Chain INPUT (policy ACCEPT)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT)
pkts bytes target prot opt in out source destination
However, the /etc/sysconfig/iptables file will not include the rule to allow HTTP, because iptables-save was not run again after that rule was added. Now let's issue the iptables-restore command.
iptables-restore < /etc/sysconfig/iptables
Now, when listing the rules, the rule to allow HTTP is no longer listed, because we restored iptables from the /etc/sysconfig/iptables file.
iptables -L -v
. . .
Chain INPUT (policy ACCEPT)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
Chain FORWARD (policy ACCEPT)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT)
pkts bytes target prot opt in out source destination
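The rule that disappeared above is exactly the kind of rule an iptables-restore will drop every time it runs. As an added example (not part of the original article), the following POSIX shell script compares a live iptables-save dump against the saved file and prints the rules that have not been saved, so the check can run before a restore or from cron. It assumes the live dump was already written with iptables-save as root; the sample dumps inside it are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Reports rules that exist
# in the running ruleset but not in the saved file: exactly the rules an
# iptables-restore from that file would drop. Assumption: the live dump was
# produced beforehand with "iptables-save > /tmp/live.rules" (needs root).

# Print the -A rule lines of a dump, spaces squeezed, duplicates removed,
# so two dumps can be compared line by line.
rule_lines() {
    grep '^-A ' "$1" | tr -s ' ' | sort -u
}

# Print rules present in LIVE ($1) but absent from SAVED ($2).
# Exit status: 0 nothing unsaved, 1 unsaved rules found, 2 error.
unsaved_rules() {
    live_rules=$(mktemp) || return 2
    saved_rules=$(mktemp) || { rm -f "$live_rules"; return 2; }
    rule_lines "$1" > "$live_rules"
    rule_lines "$2" > "$saved_rules"
    # -F literal, -x whole line, -v invert: lines of LIVE not in SAVED.
    missing=$(grep -F -x -v -f "$saved_rules" "$live_rules" || true)
    rm -f "$live_rules" "$saved_rules"
    [ -n "$missing" ] || return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: a saved file, and a live dump taken after running
# "iptables -I INPUT -p tcp --dport 80 -j ACCEPT" without saving again.
demo() {
    saved=$(mktemp); live=$(mktemp)
    cat > "$saved" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
    cat > "$live" <<'EOF'
*filter
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
    unsaved_rules "$live" "$saved" && rc=0 || rc=$?
    rm -f "$saved" "$live"
    return $rc
}
demo || echo "unsaved rules found (exit status $?)"
```

Running it against real files (`unsaved_rules /tmp/live.rules /etc/sysconfig/iptables`) prints each rule that would be lost and exits non-zero, which is the moment to run iptables-save again rather than iptables-restore.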