Rules created with the iptables command are only stored in RAM. If you were to restart your system after setting up various iptables rules, they would be lost and you would need to retype them. If you want particular rules to take effect whenever your system boots, you need to save them to the /etc/sysconfig/iptables file.

To do this, arrange your tables, chains, and rules the way they should be the next time the system boots or iptables is restarted, and type the /sbin/service iptables save command as the root user. This causes the iptables init script to run the /sbin/iptables-save program and write the current iptables configuration to the /etc/sysconfig/iptables file. This file should only be readable by root, so your precise packet filtering rules are not viewable by average users.

The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

While it is always a good idea to test a new iptables rule before committing it to the /etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another system's version of this file. This allows you to quickly distribute sets of iptables rules to many different machines at once. Simply restart iptables to make the new rules take effect.
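The two points a practitioner wants to verify before relying on this procedure are that the saved file really is readable only by root, and that a file copied in from another system is well-formed iptables-save output before iptables-restore is asked to load it. The script below is an added example, not part of the Red Hat documentation and not the iptables init script itself; it assumes a GNU/Linux host with GNU coreutils stat and awk, and the function names (check_rules_mode, check_rules_format, save_live_rules, install_rules_file) and the sample rule set are our own constructions. The offline checks run on a constructed sample; the two functions that touch the live firewall need root and are defined but not invoked.

```shell
#!/bin/sh
# Added example, not part of the Red Hat documentation: sanity checks to run on
# a rules file before it is committed to /etc/sysconfig/iptables or copied in
# from another system. Assumes GNU/Linux with GNU coreutils `stat` and awk;
# all function and variable names here are our own.

RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# Write a constructed iptables-save style rule set (sample data for the demo).
write_sample_rules() {
    cat > "$1" <<'EOF'
# Constructed sample in iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Succeed only if group and others have no permission bits at all, which is
# what "readable only by root" means for the saved file (0600, 0400, ...).
check_rules_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeed only if the file looks like iptables-save output: every table header
# (*name) is closed by COMMIT, and only policy lines, rule lines, comments and
# blanks appear in between. Catches a truncated or hand-edited file before
# iptables-restore is asked to load it.
check_rules_format() {
    awk '
        /^#/ || /^[ \t]*$/   { next }
        /^\*[a-z]+$/         { tables++; open = 1; next }
        /^COMMIT$/           { if (!open) bad++; open = 0; commits++; next }
        /^:[A-Za-z0-9_-]+ (ACCEPT|DROP|-) \[[0-9]+:[0-9]+\]$/ { if (!open) bad++; next }
        /^-[AI] [A-Za-z0-9_-]+/ { if (!open) bad++; next }
                             { bad++ }
        END { if (bad == 0 && tables > 0 && tables == commits && !open) exit 0; exit 1 }
    ' "$1"
}

# The documented save step, with the file mode tightened afterwards.
# Needs root and reads the live firewall, so it is defined but not run here.
save_live_rules() {
    /sbin/service iptables save && chmod 600 "$RULES_FILE"
}

# Install a rules file copied from another system, as the text describes, but
# only after it passes the format check; then restart iptables to apply it.
install_rules_file() {
    check_rules_format "$1" || {
        echo "refusing to install $1: not valid iptables-save output" >&2
        return 1
    }
    install -o root -g root -m 600 "$1" "$RULES_FILE" &&
        /sbin/service iptables restart
}

# Offline demonstration on the constructed sample.
demo=$(mktemp) || exit 1
write_sample_rules "$demo"
chmod 600 "$demo"
if check_rules_mode "$demo" && check_rules_format "$demo"; then
    echo "$demo: permissions and format OK"
else
    echo "$demo: check FAILED"
fi
rm -f "$demo"
```

To use the root-only functions on a real host, source the script and call `save_live_rules` after testing a rule set interactively, or `install_rules_file /path/to/copied-iptables` for a file received from another machine; the format check rejects a file with a missing COMMIT or a stray non-rule line, and the `install -m 600` keeps the copied file from being world-readable.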