Output redirection doesn't work with iptables (Fedora Core 11)
Well, as I'm a newbie I don't understand this behavior:
I have an old box, with Fedora 11 successfully installed. I'm currently trying to work with iptables. Some info: # uname -r 2.6.30.5-43.fc11.i586 # iptables -V iptables v1.4.3.1 I tried to redirect the rules list to a file, for future inspection: # cd /root/iptables/ # iptables -L > org-output # cat org-output # ls -l total 0 -rwxrwxrwx. 1 root root 0 2009-10-27 03:13 org-output However, I can do this: # echo whatever > org-output # cat org-output whatever Then I tried to do the same in my PC, it has Debian Lenny installed: box:/home/user# uname -r 2.6.26-2-amd64 box:/home/user# iptables -V iptables v1.4.2 box:/home/user# iptables -L > org-output box:/home/user# cat org-output Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I think I'm missing some simple configuration parameter, but I don't know what could it be. Sorry for my English is not so well, I do the best I can. Thanks everybody in advance. |
Quote:
Code:
# iptables -L Code:
# iptables -L > dump.txt |
Quote:
# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED, ESTABLISHED ACCEPT icmp -- anywhere anywhere [...] An so on, listing of course FORWARD and OUTPUT chains, etc. I tried also changing output file destination directory and name (even using "dump.txt"), and still doesn't work. I know it seems hard to believe... |
Quote:
|
Quote:
I know that command exists (it's iptables-save, in fact, and it works), but i am not looking for an alternative way to do this. I wish to save the exact output of iptables -L, or at least to know why it isn't working by this way. Let's say that the following questions are related: Why it isn't working? Why did it work in Lenny? Do you think it's related to iptables set itself, or there's something I'm missing about redirection mechanism? The background of this is that I did have other strange problems with F11 command-line standard commands (like cp), and I need to distinguish between distro serious problems and my ignorance ;) . |
Quote:
Code:
# iptables -L > output.txt 2>&1 Quote:
|
Quote:
I finally did: Code:
iptables -L | grep '' > output.txt Quote:
Not so much to say about the problem itself. I tried overwriting an existing file, adding options to the command (i.e, iptables -L -n, iptables -L -v), adding output to the file (i.e., using ">>"), and reading iptables and bash documentation. If you don't have patience for beginners, maybe you shouldn't answer his questions. Thanks anyway. |
This is a really old thread, but Google sent me here and as there was no posted solution, I figured I'd update with my fix. I'm running RHEL 6 and temporarily disabling selinux solved the issue for me. Command to do that is "echo 0 > /selinux/enforce". To change back, "echo 1 > /selinux/enforce".
To summarize, the regular "iptables -L" and "iptables-save" commands produce the expected result. If I try to redirect that output to a file, however, no output is written to the file. Here's a demonstration: [root@store1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- myhost anywhere tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@store1 ~]# iptables -L > iptables.out [root@store1 ~]# cat iptables.out [root@store1 ~]# [root@store1 ~]# \rm iptables.out [root@store1 ~]# echo 0 > /selinux/enforce [root@store1 ~]# iptables -L > iptables.out [root@store1 ~]# cat iptables.out Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- myhost anywhere tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination |
Quote:
|
All times are GMT -5. The time now is 02:17 AM. |