The iptables-save file format

General

The iptables-save format is an easy-to-parse representation of an iptables ruleset. Blank lines and those that begin with a # are ignored.

#Comment
*tablename
:BUILTINCHAIN POLICY [packets:bytes]
:USERCHAIN - [0:0]
-A CHAINNAME ...
[packets:bytes] -A CHAINNAME ...
COMMIT

Table

A table definition starts with a * and the table name. It is ended by COMMIT on a line by itself.

Policies

All builtin chains have a default policy, and counters for the packets that match the policy are stored. User-defined chains do not have a policy, and packets that reach the end of the chain will return to the calling chain. The counters are always zero.

Rules

Rules are entered as a commandline to iptables. (Internally, the same code processes them as does iptables arguments). The table argument is omitted, because it is specified at the start of the table definition.

Using iptables-save -c and iptables-restore -c, counters can be specified before the start of each rule.

• Home

  Daniel De Graaf

  ---

  My website, which I've developed in XHTML and CSS
• Links

  Links of programs/websites

  ---

  I visit these websites once in a while, so I decided to put them all on a page so I could find them easily. It's not updated that often.
• Linux

  Linux develoment

  ---

  The programs or patches I have made that relate to linux
• Networking
  • iptables

    Firewalling for Linux

    ---

    All firewalls for linux are based on iptables. Instead of using a frontend, I have example scripts and some useful programs to work with them.
  • IPv6

    Next-generation internet protocol

    ---

    IPv6, is an improved version of IPv4 with far more address space
• About Me

  About Me

  ---

  I'm a junior at Iowa State university. I'm interested in mathematics, physics, computer networking and security.
• Email Me

  Contact Me

  ---

  Email, Instant Message, Skype, file upload form...

Last modified Wed Apr 12 11:37:26 2006. ©2005-2007 Daniel De Graaf