How To Migrate Iptables Firewall Rules to a New Server
Source: DigitalOcean – Mitchell Anicas
Introduction
When migrating from one server to another, it is often desirable to migrate the iptables firewall rules as part of the process. This tutorial will show you how to easily copy your active iptables rule set from one server to another.
Prerequisites
This tutorial requires two servers. We will refer to the source server, which has the existing iptables rules, as Server A. The destination server, where the rules will be migrated to, will be referred to as Server B.
You will also need to have superuser, or sudo, access to both servers.
View Existing Iptables Rules
Before migrating your iptables rules, let’s see what they are set to. You can do that with this command on Server A:
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 15.15.15.51/32 -j DROP
The example rules above will be used to demonstrate the firewall migration process.
Export Iptables Rules
The iptables-save command writes the current iptables rules to stdout (standard out). This gives us an easy way to export the firewall rules to a file, by redirecting stdout to a file.
On Server A, the one with the iptables rules that you want to migrate, use iptables-save to export the current rules to a file named iptables-export like this:
cd ~
sudo iptables-save > iptables-export
This will create the iptables-export file in your home directory. This file can be used on a different server to load the firewall rules into iptables.