How can I "copy" IPTables rules from an old RH 7.2 Firewall to a new Fedora Firewall

I've basically just joined a new company as head of IT - needless to say, I've been left with some rather screwed up software [and hardware] due to an incompetent predecessor. One of our major problems is a 7 year old desktop running a 4 year old version of Linux as a firewall. Now the original installation I'm told, was pretty tight - as such, I want to transcribe the old IPTables rules onto the new machine.

Is there a way of doing this - seeing as I'm not particularly au fait [yet] with Linux 7.2 or Fedora? If not, how can I see what the original rules were?
1 Solution
You can view the current rules via (as root):

iptables -L

There are a couple of places to look for the current configuration. If your predecessor did it the Red Hat way, then look for a file called /etc/sysconfig/iptables. Otherwise, check out /etc/rc.d/rc.local or /etc/rc.d/rc.firewall.
nrjordanAuthor Commented:
Thanks - now that I've pulled all the data off the old fileserver, how do I configure the new one? Is it just a case of editing the iptables file in vi to be identical to the old one, or is it, as I expect, rather more complex than that?

As root, do
# /sbin/iptables-save    (on RH7.2)
and copy the /etc/sysconfig/iptables from RH7.2 to Fedora /etc/sysconfig/iptables.

Then restart the iptables on Fedora
# service iptables restart


No, it really is as simple as Wesley makes it out to be. You may want to take some time to review it to ensure that it is doing what you expect. The only problem with Red Hat's method of doing it is that there will be no comments embedded within, so you'll have to evaluate what your predecessor was doing.

And thank you, Wesly, for helping out.
AFAIK the most reliable method would be to copy /etc/sysconfig/iptables,
then compare the results of the following command on the old and new installations:

(iptables -L -n -v&&iptables -L -n -v -t nat&&iptables -L -n -v -t mangle)|grep -v packets|cut -b 13-|sort

# probably you need to adjust 13 in the cut command above
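The two steps above (dump the old rule set and load it on the new box, then compare what each host actually enforces) can be scripted so that the comparison ignores packet counters and timestamps but still catches a dropped or reordered rule. The script below is an added example and is not code from this thread or from either distribution; the file names (/root/old-rules.v4, migrate-check.sh) and the three sample dumps are constructed for illustration only.

```shell
#!/bin/sh
# Added example (not code from the thread): move a rule set between hosts with
# iptables-save / iptables-restore and verify the result with a counter-free diff.
#
# Manual steps this script supports (run as root):
#   old host:  iptables-save > /root/old-rules.v4      # full dump, all tables
#   new host:  iptables-restore < /root/old-rules.v4   # load the same rules
#              service iptables save                   # persist to /etc/sysconfig/iptables
#   then:      sh migrate-check.sh /root/old-rules.v4 /etc/sysconfig/iptables
# The file names above are assumptions made for this example.

# Print an iptables-save dump with everything that legitimately differs between
# two hosts removed: the "# Generated by" / "# Completed on" timestamp comments,
# the [packets:bytes] counters after each chain policy, and the per-rule counters
# that "iptables-save -c" prepends. Rule order is kept on purpose: iptables
# evaluates rules in order, so a reordered rule set is a real difference.
normalize_dump() {
    sed -e '/^#/d' \
        -e 's/ \[[0-9]*:[0-9]*\]$//' \
        -e 's/^\[[0-9]*:[0-9]*\] //' "$1"
}

# Return 0 when the two dumps describe the same rules, 1 otherwise; the unified
# diff of the normalized dumps is printed so missing or extra rules are visible.
rules_match() {
    a=$(mktemp) || return 2
    b=$(mktemp) || return 2
    normalize_dump "$1" > "$a"
    normalize_dump "$2" > "$b"
    diff -u "$a" "$b"
    rc=$?
    rm -f "$a" "$b"
    return $rc
}

# Constructed sample dumps (not captured from any real host) so the script can be
# exercised offline. "new-ok" differs from "old" only in counters and timestamps;
# "new-missing" has lost the rule that allows inbound SSH.
write_constructed_dumps() {
    cat > "$1/old.v4" <<'EOF'
# Generated by iptables-save v1.2.4 on Tue Jan  1 10:00:00 2002
*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [99:1000]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Tue Jan  1 10:00:00 2002
EOF
    cat > "$1/new-ok.v4" <<'EOF'
# Generated by iptables-save v1.2.9 on Mon Jun  6 09:30:00 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3:240]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jun  6 09:30:00 2005
EOF
    cat > "$1/new-missing.v4" <<'EOF'
# Generated by iptables-save v1.2.9 on Mon Jun  6 09:31:00 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3:240]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Mon Jun  6 09:31:00 2005
EOF
}

# Compare two real dumps when invoked with two file arguments.
if [ "$#" -eq 2 ]; then
    if rules_match "$1" "$2"; then
        echo "rule sets are identical (ignoring counters)"
    else
        echo "rule sets differ; review the diff above before trusting the new firewall"
    fi
fi
```

Comparing iptables-save output rather than the `iptables -L` listing avoids the column-offset guessing of the `cut -b 13-` one-liner, and covers the nat and mangle tables in the same file. Run the check on the new host after `service iptables restart` as well, so that what survives a reboot is what you verified.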
nrjordanAuthor Commented:
Thanks guys - you've been a great help
