If you restart iptables, the "default rules" are loaded; those that are mentioned in some of the init scripts. So after restarting iptables your newly added rule is flushed away, unless you write it to the same place where all the other rules are (you should see where they are saved from the init script that loads iptables during boot). The command iptables-save produces an output that you can redirect to a file like

iptables-save > iptables.rules

and then use that file to load the rules back if you happen to flush them. The output of iptables-save is just the same as if you would give the iptables commands one by one, but in a bit different form. You can load the file using iptables-restore, I could imagine like

iptables-restore < iptables.rules

for more information about this.
I'm not sure how your iptables rules are built, but it should not be needed to restart the service; new rules should take action on all new connections. Maybe the rule not affecting has something to do with the way your iptables rules and chains are laid out; is it a "stock one" that came with your install, or have you created the rules yourself? I would recommend creating the iptables rules yourself from scratch, maybe using some "template", but yourself so that you know exactly what is going on in there. I'm not sure if iptables "reads" the rules from top till bottom or vice versa, i.e. does it matter when a rule is added (after or before a similar rule -- if two matching rules are found, which one of them is the effective one?)
My guess, though just a guess, is that the mentioned port matches some other rule that takes action and your new rule is not used. I'd start off by looking where the iptables rules are stored, read the whole file through and try to deduce what is actually done to block the port; is it just a POLICY (-P) or maybe an appended (-A) rule? In the latter case you'll need to alter the APPENDed rule, or create a new one before it.
Maybe reading the man page (or texinfo: info iptables) reveals more about how iptables handles the information, and reading the appropriate initscript might tell you where to look for the rules. Anyway, after you get it working, you must write your new rule to the same place where all the other rules are "loaded" during boot, unless you want to manually type it in every boot.