CentOS / RHEL 6 : How to Save iptables Rules

Question : I set up my firewall/packet filtering but after a reboot the rules are not there any more.

Solution:
By default, rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules will be lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:

# service iptables save

This executes the iptables init script, which runs the iptables-save program and writes the current iptables configuration to /etc/sysconfig/iptables. The existing /etc/sysconfig/iptables file is saved as /etc/sysconfig/iptables.save.

The next time the system boots, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the iptables-restore command.

Another method to save the iptables rules

Another option is to use the iptables-save and iptables-restore commands. To save the current iptables rule set into a file of your choice :

# iptables-save > /tmp/rules.backup

Restoring the Rules

You can restore the ruleset at a later time by running

# iptables-restore 
Remember that for the restore to work, you should have first taken the backup of the existing iptables rules.

Ensuring that iptables service start on boot

Another issue commonly faced by users is that the iptables service in not enabled to start on boot. To avoid this, verify that the service was set to start on boot

# chkconfig iptables --list
iptables          0:off   1:off   2:off   3:on    4:on    5:on    6:off

If iptables is off, then enable the service for runlevels 3-5

# chkconfig iptables on
Related Post