LinuxCommandLibrary

iptables-save

Save current iptables firewall rules to a file

TLDR

Print the iptables configuration:
$ sudo iptables-save

Print the iptables configuration of a specific table:
$ sudo iptables-save [[-t|--table]] [table]

Save the iptables configuration to a file:
$ sudo iptables-save [[-f|--file]] [path/to/file]

SYNOPSIS

iptables-save [-c] [-t table] [-f file]

PARAMETERS

-c
    Include current packet and byte counters in the output

-t table
    Limit output to rules in the specified table (filter, nat, mangle, raw, security); repeatable

-f file
    Write the dump to the named file instead of standard output (the default)

DESCRIPTION

iptables-save is a utility that dumps the contents of the current iptables rule set from the Linux kernel's netfilter framework to standard output (stdout) in a portable format. This output can be reloaded later using iptables-restore, making it essential for backing up, migrating, or persisting firewall configurations across reboots.

By default, it saves rules from all tables (filter, nat, mangle, raw, security). The format includes table headers, chain policies, rules with matches, targets, and counters. It's designed for IPv4; use ip6tables-save for IPv6.

Common use cases include automated backups from cron jobs, configuration management with tools like Ansible, and quick rule exports during troubleshooting. Running it without root privileges fails, because it reads the kernel's tables directly. The output is tied to the iptables and kernel versions that produced it, so restoring a dump on a different version needs care.

CAVEATS

Requires root privileges. The output format may differ between iptables versions or kernels. It saves only the rule set, not state held elsewhere such as conntrack entries. On systems that have moved to nftables (the successor to iptables), use nft list ruleset instead.

EXAMPLE USAGE

Save all rules to file:
sudo iptables-save > /etc/iptables.rules

Save filter table only:
sudo iptables-save -t filter > filter.rules

Restore:
sudo iptables-restore < /etc/iptables.rules

OUTPUT FORMAT SNIPPET

*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.0/24 -j ACCEPT
COMMIT
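To make the format concrete, here is a small parser written for this page (an added example, not part of iptables or this library) that reads a dump into tables, chain policies with their counters, and rules, then lists filter chains whose default policy is ACCEPT as a baseline check before restoring a backup. The sample dump is constructed and the function names are my own.

```python
import re
# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE = """\
# Generated by iptables-save
*filter
:INPUT DROP [1024:98304]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# ":CHAIN POLICY [packets:bytes]"; user-defined chains carry the policy "-"
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_save(text):
    """Return {table: {"chains": {name: (policy, pkts, bytes)}, "rules": [...]}}.
    Raises ValueError on a malformed dump so a bad backup is caught before restore."""
    tables, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue                      # "# Generated by ..." / "# Completed on ..."
        if line.startswith("*"):
            table = line[1:]              # "*filter" opens a table block
            tables[table] = {"chains": {}, "rules": []}
        elif line == "COMMIT":
            table = None                  # block closed; next must be "*table" or EOF
        elif table is None:
            raise ValueError(f"line outside a table block: {line}")
        elif line.startswith(":"):
            m = CHAIN_RE.match(line)
            if not m:
                raise ValueError(f"bad chain line: {line}")
            tables[table]["chains"][m[1]] = (m[2], int(m[3]), int(m[4]))
        elif line.startswith("-A "):
            tables[table]["rules"].append(line)   # keep the rule text verbatim
        else:
            raise ValueError(f"unexpected line: {line}")
    if table is not None:
        raise ValueError(f"table {table} has no COMMIT")
    return tables

def accept_policy_chains(tables):
    """filter chains whose default policy is ACCEPT: a baseline check before restore."""
    chains = tables.get("filter", {}).get("chains", {})
    return [f"filter/{n}" for n, (pol, _, _) in chains.items() if pol == "ACCEPT"]
```

Feed it the output of `sudo iptables-save -c` to keep the counters, or a saved backup file to check it before `iptables-restore`.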

HISTORY

Part of netfilter/iptables project, introduced in Linux kernel 2.4 (2001) by Rusty Russell and team; widely used until nftables (kernel 3.13+, 2014) began replacing it for new deployments.

SEE ALSO
