How can I "copy" IPTables rules from an old RH 7.2 Firewall to a new Fedora Firewall

Posted on 2004-11-18
Last Modified: 2010-04-22
I've basically just joined a new company as head of IT - needless to say, I've been left with some rather screwed up software [and hardware] due to an incompetent predecessor. One of our major problems is a 7 year old desktop running a 4 year old version of Linux as a firewall. Now the original installation I'm told, was pretty tight - as such, I want to transcribe the old IPTables rules onto the new machine.

Is there a way of doing this - seeing as I'm not particularly au fait [yet] with Linux 7.2 or Fedora? If not, how can I see what the original rules were?
Question by: nrjordan
    LVL 6

    Accepted Solution

    You can view the current rules via (as root):

    iptables -L

    There are a couple of places to look for the current configuration.  If your predecessor did it the Red Hat way, then look for a file called /etc/sysconfig/iptables.  Otherwise, check out /etc/rc.d/rc.local or /etc/rc.d/rc.firewall

    Author Comment

    Thanks - now that I've pulled all the data off the old fileserver, how do I configure the new one? Is it just a case of editing the iptables file in vi to be identical to the old one, or is it, as I expect, rather more complex than that?
    LVL 38

    Expert Comment


    As root, do
    # /sbin/iptables-save    (on RH7.2)
    and copy the /etc/sysconfig/iptables from RH7.2 to Fedora /etc/sysconfig/iptables.

    Then restart the iptables on Fedora
    # service iptables restart


    LVL 6

    Expert Comment

    No, it really is as simple as Wesley makes it out to be.   You may want to take some time to review it to ensure that it is doing what you expect.  The only problem with Red Hat's method of doing it is that there will be no comments embedded within so you'll have to evaluate what your predecessor was doing.

    And thank you, Wesly, for helping out.
    LVL 51

    Expert Comment

    AFAIK the most reliable method would be to copy the /etc/sysconfig/iptables,
    then compare the results of the following command on the old and new installations:

    (iptables -L -n -v&&iptables -L -n -v -t nat&&iptables -L -n -v -t mangle)|grep -v packets|cut -b 13-|sort

    # probably you need to adjust 13 in the cut command above
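    Here is an added example, not code from this thread or from any of the posters, that does in one script what the two comments above describe: take iptables-save output from the old box and the new box and compare them after stripping the parts that always differ (the timestamp comments and the per-chain packet/byte counters). Unlike the sorted `iptables -L` comparison it keeps rule order, which iptables evaluates top to bottom, so a rule that moved shows up as a change. The file names and the three sample dumps are constructed for the demonstration; on the real hosts you would redirect `iptables-save` (which writes to standard output) into a file on each machine and pass those two files to compare_rulesets.

```shell
#!/bin/sh
# Added example, not code from the thread: confirm that the rules on the new
# firewall are the same as the ones on the old one by normalising two
# iptables-save dumps and diffing them. Rule order is preserved on purpose.

# normalize_rules: read iptables-save text on stdin, emit only the rule text.
#  - drop "#" comment lines ("# Generated by iptables-save ... on <date>",
#    "# Completed on <date>"), which differ on every run
#  - drop per-chain packet:byte counters, e.g. ":INPUT DROP [1532:201877]"
#  - collapse runs of whitespace so spacing alone never shows as a change
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/ *\[[0-9][0-9]*:[0-9][0-9]*\] *$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/ $//'
}

# compare_rulesets OLD_FILE NEW_FILE: return 0 when the normalised rule sets
# are identical, 1 (after printing a unified diff) when they differ.
compare_rulesets() {
    tmp_old=$(mktemp) || return 2
    tmp_new=$(mktemp) || return 2
    normalize_rules < "$1" > "$tmp_old"
    normalize_rules < "$2" > "$tmp_new"
    if diff -u "$tmp_old" "$tmp_new"; then
        status=0
    else
        status=1
    fi
    rm -f "$tmp_old" "$tmp_new"
    return "$status"
}

# Constructed sample dumps (not real captures). The old and new boxes were
# dumped at different times and have different counters, but the same rules.
SAMPLE_DIR=$(mktemp -d)
OLD_DUMP="$SAMPLE_DIR/old-rh72.rules"
NEW_DUMP="$SAMPLE_DIR/new-fedora.rules"
BAD_DUMP="$SAMPLE_DIR/new-fedora-transcribed-wrong.rules"

cat > "$OLD_DUMP" <<'EOF'
# Generated by iptables-save v1.2.5 on Thu Nov 18 09:12:01 2004
*filter
:INPUT DROP [1532:201877]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9981:1201211]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Thu Nov 18 09:12:01 2004
EOF

cat > "$NEW_DUMP" <<'EOF'
# Generated by iptables-save v1.2.11 on Sat Nov 20 17:40:33 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT  ACCEPT [3:228]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Sat Nov 20 17:40:33 2004
EOF

# A transcription gone wrong: the INPUT default policy became ACCEPT and the
# SSH rule was lost. This is the kind of silent drift the diff must surface.
sed -e 's/^:INPUT DROP/:INPUT ACCEPT/' -e '/--dport 22/d' "$NEW_DUMP" > "$BAD_DUMP"

# Usage: on real hosts, replace the sample files with the output of
# "iptables-save > /tmp/<host>.rules" taken on each machine.
if compare_rulesets "$OLD_DUMP" "$NEW_DUMP" >/dev/null; then
    echo "old vs new: rule sets match"
fi
compare_rulesets "$OLD_DUMP" "$BAD_DUMP" || echo "old vs bad: rule sets differ (diff above)"
```

    Because only comment lines and counters are stripped, a changed default policy, a missing rule or a reordered rule all appear in the diff, which is exactly what you want to review before trusting the new machine as the perimeter.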

    Author Comment

    Thanks guys - you've been a great help
