To safely back up and restore your Linux firewall, you need to consider the specific firewall tool you are using. This guide covers UFW, Firewalld, iptables, and nftables, with clear steps to ensure your rules are preserved and restored correctly.
General Strategy
- Back up both active rules and configuration files.
- Store backups outside system directories (/etc, /var) to avoid loss during package removal.
- Restore only after disabling the firewall or stopping its service.
UFW (Uncomplicated Firewall)
Backup:
mkdir -p ~/Documents/firewall-backups/ufw
sudo ufw status numbered > ~/Documents/firewall-backups/ufw/ufw-rules.txt
sudo cp -a /etc/ufw ~/Documents/firewall-backups/ufw/config
Restore:
sudo ufw disable
sudo cp -a ~/Documents/firewall-backups/ufw/config/* /etc/ufw/
sudo ufw enable
Firewalld
Backup:
mkdir -p ~/Documents/firewall-backups/firewalld
sudo firewall-cmd --runtime-to-permanent
sudo firewall-cmd --list-all > ~/Documents/firewall-backups/firewalld/summary.txt
sudo cp -a /etc/firewalld ~/Documents/firewall-backups/firewalld/config
Restore:
sudo systemctl stop firewalld
sudo cp -a ~/Documents/firewall-backups/firewalld/config/. /etc/firewalld/
sudo systemctl start firewalld
iptables
Backup:
mkdir -p ~/Documents/firewall-backups/iptables
sudo iptables-save > ~/Documents/firewall-backups/iptables/iptables.rules
sudo ip6tables-save > ~/Documents/firewall-backups/iptables/ip6tables.rules
Restore:
sudo iptables-restore < ~/Documents/firewall-backups/iptables/iptables.rules
sudo ip6tables-restore < ~/Documents/firewall-backups/iptables/ip6tables.rules
To persist rules across reboots:
sudo apt install iptables-persistent
sudo netfilter-persistent save
sudo netfilter-persistent reload
On other distros, use:
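# A plain ">" redirect is opened by your own shell, not by sudo, so write the files through sudo tee
sudo iptables-save | sudo tee /etc/sysconfig/iptables > /dev/null
sudo ip6tables-save | sudo tee /etc/sysconfig/ip6tables > /dev/null
sudo iptables-restore < /etc/sysconfig/iptables
sudo ip6tables-restore < /etc/sysconfig/ip6tables
sudo service iptables save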
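A backup written through a failed redirect or an interrupted copy can be empty or cut off, and restoring it would load an incomplete rule set. The following added example (not part of the original guide) checks that an iptables-save dump is structurally complete before it is restored; the function name `check_iptables_dump` and the sample dumps are constructed for illustration.

```bash
# Added example: structural check of an iptables-save dump before restoring it.

# check_iptables_dump FILE
# Succeeds only if FILE is non-empty, has at least one "*table" section,
# and every section is closed by COMMIT.
check_iptables_dump() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    awk '
        /^#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^\*/ {                                # table header: *filter, *nat, ...
            if (in_table) { bad = 1; exit }    # previous table never committed
            in_table = 1; tables++; next
        }
        $0 == "COMMIT" {
            if (!in_table) { bad = 1; exit }
            in_table = 0; next
        }
        /^:/ || /^-/ || /^\[/ {                # chain policy, rule, counters + rule
            if (!in_table) { bad = 1; exit }
            next
        }
        { bad = 1; exit }                      # anything else is not dump syntax
        END { exit ((bad || in_table || tables == 0) ? 1 : 0) }
    ' "$1"
}

# Constructed sample dumps (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# Generated by iptables-save' '*filter' \
    ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' '-A INPUT -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$demo_dir/good.rules"
# The same dump cut off before COMMIT, as after an interrupted copy.
head -n 6 "$demo_dir/good.rules" > "$demo_dir/truncated.rules"

for name in good truncated; do
    if check_iptables_dump "$demo_dir/$name.rules"; then
        echo "$name.rules: structure ok"
    else
        echo "$name.rules: do not restore"
    fi
done
```

On a host with iptables installed, `sudo iptables-restore --test < file` goes further and parses the rules themselves without committing them.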
nftables
Backup:
mkdir -p ~/Documents/firewall-backups/nftables
sudo nft list ruleset > ~/Documents/firewall-backups/nftables/nftables.rules
Restore:
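# Clear the loaded ruleset first: nft -f adds to what is already loaded, so existing rules would be duplicated
sudo nft flush ruleset
sudo nft -f ~/Documents/firewall-backups/nftables/nftables.rules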
To persist rules:
sudo cp ~/Documents/firewall-backups/nftables/nftables.rules /etc/nftables.conf
sudo systemctl enable nftables
sudo systemctl restart nftables
Note: Before resetting or restoring any firewall, you may want to back up your current rules.
By following these steps, you can safely back up and restore Linux firewall configurations across different tools. This ensures your security setup remains consistent and recoverable after system changes or reinstalls.
