iptables-save — dump iptables rules

ip6tables-save — dump iptables rules


iptables-save [-M modprobe] [-c] [-t table] [-f filename]

ip6tables-save [-M modprobe] [-c] [-t table] [-f filename]


iptables-save and ip6tables-save are used to dump the contents of IP or IPv6 Table in easily parseable format either to STDOUT or to a specified file.
, --modprobe modprobe

Specify the path to the modprobe(8) program. By default, iptables-save will inspect /proc/sys/kernel/modprobe to determine the executable’s path.

-f, --file filename

Specify a filename to log the output to. If not specified, iptables-save will log to STDOUT.

-c, --counters

Include the current values of all packet and byte counters in the output.

-t, --table tablename

Restrict output to only one table. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there.
If not specified, output includes all available tables. No module loading takes place, so in order to include a specific table in the output, the respective module (something like iptable_mangle or ip6table_raw) must be loaded first.


None known as of iptables-1.2.1 release


Harald Welte <laforge [AT]>
Rusty Russell <rusty [AT]>
Andras Kis-Szabo <kisza [AT]> contributed ip6tables-save.


iptables-apply(8), iptables-restore(8), iptables(8)

The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking-HOWTO which details the internals.