The iptables-restore command is used to restore an
iptables rule-set that was saved with the
iptables-save command. It reads the rule-set from
standard input; at the time of writing it could not load a file named on
the command line (newer releases accept an optional file argument and a
-t or --test option that only parses the input without loading it).
This is the command syntax for iptables-restore:
iptables-restore [-c] [-n]
The -c argument restores the byte and packet counters
and must be used if you want to restore counters that were previously saved
with iptables-save -c. Without it, any counter values in the input are
ignored and every chain and rule starts counting from zero. This argument
may also be written in its long form --counters.
The -n argument tells
iptables-restore not to flush the table, or tables,
that it is writing to; the rules in the input are added to whatever is
already loaded. The default behavior of iptables-restore
is to flush all previously inserted rules from every table named in the
input before loading the new ones (tables not mentioned in the input are
left untouched). Because of this flush, feeding it an empty or truncated
dump leaves the affected table with no rules and only the chain policies
that the dump declares, so check the saved file before you load it on a
machine you care about. The short -n argument
may also be replaced with the longer format --noflush.
To load a rule-set with the iptables-restore command, we
could do this in several ways, but we will mainly look at the simplest
and most common way here.
cat /etc/iptables-save | iptables-restore -c
The following will also work:
iptables-restore -c < /etc/iptables-save
Both would read the rule-set stored in the
/etc/iptables-save file and hand it to
iptables-restore, which takes the rule-set on
standard input and loads it into the kernel, including byte and packet
counters. That is all there is to it. The command could be combined with
other tools and pipelines in endless ways, but that is outside the scope
of this chapter, and we leave it as an exercise for the reader to
experiment with.
The rule-set should now be loaded into the kernel and everything should
work. If not, the most likely cause is a malformed line in the saved file:
iptables-restore aborts and reports the number of the line that failed,
which you can look up in the file. Only if the file is sound and the
restore still fails have you possibly run into a bug in these commands.
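Because iptables-restore flushes each table named in its input before loading it, the check a practitioner wants before restoring is that the dump is complete: every *table block closed by COMMIT, and nothing truncated. The script below is an added example, not part of the original tutorial or of the iptables project; the rule-set it checks is constructed for illustration, and the function names check_ruleset, strip_counters and safe_restore are the example's own. It also shows what the -c option acts on by stripping the [packets:bytes] counter fields that iptables-save -c writes.

```shell
#!/bin/sh
# Constructed sample dump in iptables-save -c format (not a real saved rule-set).
SAMPLE_RULES='# Generated by iptables-save v1.8.7
*filter
:INPUT DROP [12:960]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:3200]
[12:960] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
[0:0] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed'

# check_ruleset: read a dump on stdin and return 0 only when at least one
# *table block is present and every block is closed by a COMMIT line.
# Chain (:), rule (-A ...) and counter ([n:m] ...) lines outside a block
# also count as malformed, which is what a truncated file looks like.
check_ruleset() {
    awk '
        /^\*/          { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT$/     { if (!open) bad = 1; open = 0; next }
        /^(:|-|\[)/    { if (!open) bad = 1 }
        END            { if (bad || open || tables == 0) exit 1 }
    '
}

# strip_counters: remove the [packets:bytes] fields from chain and rule
# lines. Restoring the result is equivalent to restoring without -c:
# the same rules, with all counters starting at zero.
strip_counters() {
    sed -e 's/ \[[0-9]*:[0-9]*\]$//' -e 's/^\[[0-9]*:[0-9]*\] //'
}

# safe_restore FILE: refuse to hand iptables-restore a dump that does not
# parse, since the default flush would otherwise wipe the affected tables
# and leave only whatever policies the broken file declares.
safe_restore() {
    file=$1
    check_ruleset < "$file" || {
        echo "refusing to restore: $file is truncated or malformed" >&2
        return 1
    }
    iptables-restore -c < "$file"
}

# Stand-alone demonstration on the constructed dump (no root needed).
printf '%s\n' "$SAMPLE_RULES" | check_ruleset && echo "sample dump is well-formed"
printf '%s\n' "$SAMPLE_RULES" | head -n 6 | check_ruleset || echo "truncated dump rejected"
```

Run it as root on a real machine as safe_restore /etc/iptables-save; on a host with a recent iptables, iptables-restore -t < /etc/iptables-save performs the same kind of syntax check in the tool itself, while check_ruleset catches the truncation case without needing iptables installed.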