How to migrate iptables firewall rules to new server

This guide will show you what to do to move your firewall rules from one server to another.

Beginning of work

You need the following before starting this tutorial:

You will be passing rules from one to the other, so if you want to, make sure each one has a different firewall rule before starting this tutorial in order to demonstrate its effectiveness.

Manual

First, check the current iptables rules on server1.

iptables -S

The output should be something like this:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 9.8.7.6/32 -j DROP

You have the option to save the iptables rules on server1 to a file. This is the team to do it.

iptables-save > iptables-rules-file

Now you can copy the file from server1 to server2. This is really all you need to restore the rules on a different server.

scp iptables-rules-file [email protected]:/root

Restore rules on server2 from file.

iptables-restore < /root/iptables-rules-file

Review your iptables rules on server2 to make sure they were actually copied.

iptables -S

It should match the previous output from server1.

Outcome

All! You should now successfully migrate your iptables rules from one server to another. Refer to the Iptables man pages for an idea of ​​what else you can do with this versatile program. If you enjoyed this article, please share it with your friends.

Sidebar