Various things I keep forgetting how to do.
View iptables
# View iptables
sudo iptables -nvL
Add/Remove/Replace
# Add a rule
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Append to end of chain
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT # Insert at position 1 in chain
# Delete a rule
iptables -D INPUT 5 # Delete rule number 5 in the INPUT chain (indexes are 1-based)
# Replace a rule
iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT # Replace rule at index 1
Persisting
Generally, the rule tables are saved in:
- /etc/sysconfig/iptables
- /etc/sysconfig/ip6tables
# Save and load
iptables-save > iptables.dump
iptables-restore < iptables.dump
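
Added example (not part of the original notes): rule indexes shift after every insert or delete, so this resolves an index against an iptables-save dump and prints a -D command that names the rule by its specification instead. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample dump are constructed.

sample_dump() {   # constructed sample in iptables-save format
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP
COMMIT
EOF
}

# number_rules: dump on stdin -> "table chain index rule-spec" per rule.
# Indexes are 1-based and per chain, as -I/-D/-R expect.
number_rules() {
  awk '
    /^\*/  { table = substr($0, 2); next }      # "*filter" opens a table
    /^-A / { spec = $0; sub(/^-A [^ ]+ /, "", spec)
             print table, $2, ++n[table, $2], spec }'
}

# rule_at TABLE CHAIN INDEX: print the rule-spec at that position.
rule_at() {
  number_rules | awk -v t="$1" -v c="$2" -v i="$3" '
    $1 == t && $2 == c && $3 == i { sub(/^[^ ]+ [^ ]+ [^ ]+ /, ""); print; found = 1 }
    END { exit !found }'
}

# delete_by_spec TABLE CHAIN INDEX: print (do not run) a -D command that
# names the rule by specification, so it stays right if indexes shift.
delete_by_spec() {
  spec=$(rule_at "$1" "$2" "$3") || { echo "no rule $3 in $1/$2" >&2; return 1; }
  printf 'iptables -t %s -D %s %s\n' "$1" "$2" "$spec"
}

sample_dump | delete_by_spec filter INPUT 4
# On a live host: sudo iptables-save | delete_by_spec filter INPUT 4
```

The printed command is only text; review it before running it, since -D by specification removes the first rule in the chain that matches.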