Jason Yu
asked on
How to make an iptables firewall rule
Dear experts here:
I have added a rule in /etc/sysconfig/iptables file for my iptables firewall but it failed when I restarted the service.
[root@titan ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 10 failed
[FAILED]
[root@titan ~]#
The file is as below, line number 8 is what I just added.
1 # Generated by iptables-save v1.3.5 on Sat Jan 19 11:04:49 2013
2 *filter
3 :INPUT ACCEPT [179065:145346048]
4 :FORWARD ACCEPT [0:0]
5 :OUTPUT ACCEPT [159509:132200597]
6 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
7 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
8 -A INPUT -p udp -s 10.10.4.0/22 -m state --state NEW -m udp --dport 123 -j ACCEPT
9 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j DROP
10 COMMIT
11 # Completed on Sat Jan 19 11:04:49 2013
12
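The rule file above follows the iptables-save format that iptables-restore reads. As an added example (not part of this thread, and not from the asker or from iptables itself), the following Python script lints such a file before it is handed to `service iptables restart`: it checks that every rule sits inside a `*table` ... `COMMIT` block, and it flags rules that can never fire because an earlier rule in the same chain already matches the identical traffic. The embedded RULE_FILE is a constructed copy of the asker's file with the display line numbers stripped; the function names `parse`, `normalize` and `lint` are my own. Run against this file it reports two things the thread never mentions: line 7 is a duplicate of line 6, and the DROP on line 9 is dead, because iptables uses first match and line 6 already ACCEPTs new TCP connections to port 8000.

```python
# Added example: lint an iptables-save style rule file (the
# /etc/sysconfig/iptables format). Not from the thread; checks structure
# and first-match shadowing only, it does not replace loading the file.
import re

# Constructed copy of the asker's rule file with display line numbers
# removed so that enumerate() reproduces the numbering used in the question.
RULE_FILE = """\
# Generated by iptables-save v1.3.5 on Sat Jan 19 11:04:49 2013
*filter
:INPUT ACCEPT [179065:145346048]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [159509:132200597]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p udp -s 10.10.4.0/22 -m state --state NEW -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j DROP
COMMIT
# Completed on Sat Jan 19 11:04:49 2013
"""

# "-A <chain> <match options> -j <target...>"; the match part may be empty.
RULE_RE = re.compile(r"-A (\S+)(.*?) -j (.+)$")


def normalize(match):
    """Canonical key for a rule's match part: split at each option flag
    (keeping a leading '!' with its option) and sort, so that the same
    options written in a different order compare equal. Only identical
    option sets are treated as the same match; a broader rule is not
    recognised as covering a narrower one."""
    tokens = [t.strip() for t in re.split(r"\s+(?=(?:! )?-)", match.strip())]
    return tuple(sorted(t for t in tokens if t))


def parse(text):
    """Return (rules, problems). rules: (lineno, table, chain, key, target)
    for each -A line; problems: structural errors iptables-restore would
    refuse, such as a rule outside a *table/COMMIT block."""
    rules, problems = [], []
    table, committed = None, True
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if not committed:
                problems.append(f"line {lineno}: *{line[1:]} opened before COMMIT of *{table}")
            table, committed = line[1:], False
        elif line == "COMMIT":
            if table is None or committed:
                problems.append(f"line {lineno}: COMMIT without an open *table block")
            committed = True
        elif line.startswith(":"):
            if table is None or committed:
                problems.append(f"line {lineno}: chain declaration outside a *table block")
        elif line.startswith("-A "):
            if table is None or committed:
                problems.append(f"line {lineno}: rule outside a *table block")
            m = RULE_RE.match(line)
            if m is None:
                problems.append(f"line {lineno}: rule has no -j target")
                continue
            chain, match, target = m.groups()
            rules.append((lineno, table, chain, normalize(match), target.strip()))
        else:
            # -I, -D, -N and friends are legal input but not handled by this lint.
            problems.append(f"line {lineno}: unsupported directive {line.split()[0]!r}")
    if not committed:
        problems.append(f"end of file: *{table} block never COMMITted")
    return rules, problems


def lint(text):
    """Structural problems first, then first-match shadowing: a later rule
    with the same table, chain and match as an earlier one is either a
    duplicate (same target) or unreachable (different target)."""
    rules, findings = parse(text)
    first_seen = {}
    for lineno, table, chain, key, target in rules:
        earlier = first_seen.get((table, chain, key))
        if earlier is None:
            first_seen[(table, chain, key)] = (lineno, target)
        elif earlier[1] == target:
            findings.append(f"line {lineno}: duplicate of line {earlier[0]} "
                            f"(same match, same target {target})")
        else:
            findings.append(f"line {lineno}: {target} rule is never reached; line {earlier[0]} "
                            f"already matches the same traffic with {earlier[1]}")
    return findings


if __name__ == "__main__":
    for finding in lint(RULE_FILE):
        print(finding)
```

Save the file and run it with python3 before restarting the service; for the authoritative syntax check use `iptables-restore --test < /etc/sysconfig/iptables`, which parses and builds the ruleset without committing it. Note that iptables-restore applies a whole table at its COMMIT line, so an error reported at that line (line 10 here) usually means a rule inside the block was rejected when the table was committed rather than that COMMIT itself is malformed; a lint like this narrows down which rule to look at. The shadowing check is exact-match only: it will not notice a broad rule (say, `-p tcp -j ACCEPT`) silently covering a more specific DROP below it.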
ASKER CERTIFIED SOLUTION
ASKER
[root@titan ~]# cat /etc/*-release
CentOS release 6.3 (Final)
CentOS release 6.3 (Final)
CentOS release 6.3 (Final)
[root@titan ~]#
ASKER
Interesting, it's working now.
[root@titan ~]# service iptables reload
[root@titan ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8000
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8000
3 ACCEPT udp -- 10.10.4.0/22 0.0.0.0/0 state NEW udp dpt:123
4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8000
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@titan ~]#
ASKER
[root@titan ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@titan ~]#