How To Migrate Iptables Firewall Rules To A New Server

Lawrence (Moderator)
edited May 12 in Linux Applications


Introduction

When migrating from one server to another, it is often desirable to migrate the iptables firewall rules as part of the process. This tutorial will show you how to easily copy your active iptables rule set from one server to another.


Export Iptables Rules

Before we start migrating our iptables rules, let's see what they are currently set to:

iptables -S

It should look something like our example:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT


Now we can export the current rules to a file. For this we will use the iptables-save command:

iptables-save > iptables-export

This creates a new file, iptables-export, which we can load on a different server to recreate the firewall rules. Note that iptables-save covers IPv4 rules only; if you also have IPv6 rules, export them separately with ip6tables-save and load them with ip6tables-restore.


Import Iptables Rules

First of all we need to move our newly created file iptables-export to our other server. This can be done in many ways, for example with an SFTP client such as FileZilla (avoid plain FTP, which sends your credentials and the file in cleartext), or simply by using scp:

scp iptables-export user@server_ip_address:/tmp

Where user is a user on your other server (root works as well), server_ip_address is the IP address of the destination server, and /tmp is the directory the file will be transferred to.

Now that the file is on the other server, we can load the rules from it into iptables. For this we will use the iptables-restore command:

iptables-restore < /tmp/iptables-export

This will load the rules into iptables. Be aware that iptables-restore flushes every table listed in the file and replaces it with the file's contents (use --noflush to append instead), so any rules already present on the new server disappear. Before loading a file copied from another machine, check it with iptables-restore --test (parse only, no changes) and review any rules that reference interface names or addresses of the old server, or a DROP policy without an SSH allow rule, since these can lock you out of a remote session. You can verify the result with the command:

iptables -S
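The following is an added example and is not part of the original tutorial: a small bash pre-flight script to run against the exported file before feeding it to iptables-restore on the new server. It checks that every table block in the dump is closed by a COMMIT line, reports the INPUT chain's default policy, whether a rule explicitly accepts TCP port 22, and how many rules are bound to interfaces or addresses (which were written for the old server), and warns when loading the file over SSH would cut off your own session. The sample dump embedded in the script is constructed to match the rules shown above, and the function names (dump_is_well_formed, lockout_risk, and so on) are the example's own, not an iptables feature.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial: sanity-check an iptables-save
# dump before loading it with iptables-restore on a different server.
set -euo pipefail

# Constructed sample dump in iptables-save format, matching the tutorial's rules.
SAMPLE_DUMP='# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed'

# dump_is_well_formed FILE
# Exit 0 when every "*table" block is closed by a COMMIT line. A truncated copy
# is rejected by iptables-restore anyway, but better to learn that before
# touching the live firewall.
dump_is_well_formed() {
  awk '
    /^\*/      { if (open) bad = 1; open = 1; next }
    /^COMMIT$/ { if (!open) bad = 1; open = 0; next }
    END        { exit (bad || open) ? 1 : 0 }
  ' "$1"
}

# input_policy FILE -> prints the default policy of the filter table INPUT chain
# (ACCEPT, DROP, ...) or nothing if the dump does not touch the filter table.
input_policy() {
  awk '/^\*/ { t = substr($1, 2) }
       t == "filter" && $1 == ":INPUT" { print $2; exit }' "$1"
}

# ssh_allowed FILE -> 1 if an INPUT rule explicitly accepts TCP port 22, else 0.
# Heuristic: only matches "--dport 22"; a multiport rule or a custom SSH port
# is not recognised.
ssh_allowed() {
  grep -Eq -- '^-A INPUT .*-p tcp .*--dport 22 .*-j ACCEPT$' "$1" && echo 1 || echo 0
}

# lockout_risk FILE -> 1 when the INPUT policy is not ACCEPT and no rule lets
# SSH in: restoring that over an SSH session drops the session itself.
lockout_risk() {
  local pol
  pol=$(input_policy "$1")
  if [ -n "$pol" ] && [ "$pol" != ACCEPT ] && [ "$(ssh_allowed "$1")" = 0 ]; then
    echo 1
  else
    echo 0
  fi
}

# host_specific_refs FILE -> number of rules that name an interface, a source or
# destination address, or a NAT target; these were written for the old server
# and need review before they are loaded on the new one.
host_specific_refs() {
  grep -Ec -- '^-A .*(-i |-o |-s |-d |--to-destination |--to-source )' "$1" || true
}

# preflight FILE: print a short report and the commands to run next.
preflight() {
  local f=$1
  if ! dump_is_well_formed "$f"; then
    echo "REFUSE: $f is not a complete iptables-save dump (missing COMMIT?)"
    return 1
  fi
  echo "INPUT policy: $(input_policy "$f")"
  echo "explicit SSH accept rule: $(ssh_allowed "$f")"
  echo "rules bound to old-server interfaces/addresses: $(host_specific_refs "$f")"
  if [ "$(lockout_risk "$f")" = 1 ]; then
    echo "WARN: loading this over SSH would lock you out; keep a console open or add an SSH rule first"
  fi
  echo "next: iptables-restore --test < $f    # parse only, no changes"
  echo "then: iptables-restore < $f           # flushes and replaces the listed tables"
}

# Run the checks against the constructed sample.
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
printf '%s\n' "$SAMPLE_DUMP" > "$tmp"
preflight "$tmp"
```

Run it as `bash preflight.sh` on the old server, or point `preflight` at /tmp/iptables-export on the new one; it needs no root because it only reads the file. The checks are deliberately textual heuristics (a rule that accepts port 22 after an earlier DROP rule would still be counted as "allowed"), so treat the report as a prompt to read the file, not as a substitute for doing so.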


Save Rules

The easiest way to save iptables rules so they survive a reboot on Debian or Ubuntu is the iptables-persistent package:

apt-get install iptables-persistent

During installation the package asks whether to save the current IPv4 and IPv6 rules; answer yes to store the rules you just restored. In the future, after updating your firewall rules, do not forget to run this command so the change is written to /etc/iptables/rules.v4 (and rules.v6 for IPv6):

invoke-rc.d iptables-persistent save

On current Debian and Ubuntu releases the package provides the netfilter-persistent service, and the equivalent command is netfilter-persistent save.


Conclusion

That's it! Your firewall rules have been migrated from one of your servers to another.