Working with IPTables

John G. Heim jheim at
Thu Sep 25 20:48:24 UTC 2008

> But, if I want to play around with IPTables directly, any tips?
> Many thanks,
> Christian

I kind of stole my technique from Red Hat. It's not exactly what they do. 
The first thing I do is save the current iptables rule set to a file with 
the iptables-save command. Then, if it gets messed up, I can put it back 
with the iptables-restore command. Oh, by the way, when you're messing with 
your rules, login at the console or via a serial port. Do not ssh.

After you save the rules, you can either make a copy of the rules file and 
tweak that. Or you can just type in a new iptables rule and see if it does 
what you want. If it does, you can use the iptables-save command again.

I don't think there is any easy way to learn to use iptables. It has a 
rather steep learning curve. I think that the only thing you can do is ask 
the google for iptables tutorials and dig in.

Once you have a set of rules you like, save them with iptables-save and then 
put a call to iptables-restore somewhere in your startup.  Like in 
/etc/rc.local. I use debian so I put mine in an init.d script named 
firewall. That way it starts automatically at boot and when I'm messing with 
it, I can say any of the following:

/etc/init.d/firewall start
/etc/init.d/firewall stop
/etc/init.d/firewall restart

More information about the Blinux-list mailing list