Introduction
When migrating from one server to another, it is often desirable to migrate the iptables firewall rules as part of the process. This tutorial shows how to copy your active iptables rule set from one server to another.

Export Iptables Rules
Before we start migrating our iptables rules, let's see what they are currently set to:
iptables -S
It should look something like our example:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
Now we can export the current rules to a new file. For this we will use the iptables-save command:
iptables-save > iptables-export
It will create a new file, iptables-export, which we can use on a different server to load the firewall rules.

Import Iptables Rules
First of all, we need to move our newly created iptables-export file to our other server. This can be done in many ways, for example by moving it with an FTP client like FileZilla, or simply by using scp:
scp iptables-export user@server_ip_address:/tmp
Where:
user - a user on your other server (you can use 'root' as well),
server_ip_address - the IP address of the destination server,
/tmp - the directory into which the file will be transferred.
Now that the file is on our other server, we can load the rules from it into iptables. For this we will use the iptables-restore command:
iptables-restore < /tmp/iptables-export
This will load the rules into iptables. You can verify this with the command:
iptables -S
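
The export is copied verbatim, so anything tied to the old host comes along with it. As an added example (not part of the original tutorial), the script below checks an export for a missing COMMIT, a default-DROP INPUT policy with no tcp/22 ACCEPT rule, and rules that name the old server's address or interfaces. The names audit_export and sample_export, the address 203.0.113.10 and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save export before loading it on another host.
# Usage: audit_export FILE [OLD_SERVER_IP]   -> one finding per line, none if clean
audit_export() {
    awk -v old="${2:-}" '
        /^\*/      { table = substr($0, 2); open = 1; next }  # "*filter" opens a table
        /^COMMIT$/ { open = 0; next }                         # every table must be closed
        /^:/       { if (table == "filter") policy[substr($1, 2)] = $2; next }
        /^-A /     {
            hit = 0
            for (i = 3; i <= NF; i++) {
                if (old != "" && ($i == old || $i == (old "/32"))) hit = 1
                if (($i == "-i" || $i == "-o") && i < NF) ifaces[$(i + 1)] = 1
            }
            if (hit) print "old-address: " $0
            # Heuristic: a plain ACCEPT for tcp/22 in filter INPUT counts as SSH access.
            if (table == "filter" && $2 == "INPUT" && /--dport 22 / && /-j ACCEPT$/) ssh = 1
        }
        END {
            if (open) print "truncated: table " table " has no COMMIT"
            if (policy["INPUT"] == "DROP" && !ssh) {
                print "lockout-risk: INPUT policy DROP, no ACCEPT rule for tcp/22"
            }
            for (n in ifaces) print "interface: rules reference " n
        }
    ' "$1"
}

# Constructed sample: a default-deny export that pins the old host address
# (documentation range) and interface, and lost its final COMMIT in transit.
sample_export() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

tmp=$(mktemp) && sample_export > "$tmp" && audit_export "$tmp" 203.0.113.10
rm -f "$tmp"
```

The SSH check is a heuristic and does not follow jumps into user-defined chains. On the destination, running iptables-restore --test < /tmp/iptables-export additionally parses the file without committing it.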

Save Rules
The easiest way to save iptables rules so that they persist after the server reboots is to use iptables-persistent:
apt-get install iptables-persistent
In the future, after updating your firewall rules, do not forget to run this command:
invoke-rc.d iptables-persistent save

Conclusion
That's it! Your firewall rules have been migrated from one of your servers to another.