Output redirection doesn't work with iptables (Fedora Core 11)
 

Well, as I'm a newbie I don't understand this behavior:
I have an old box, with Fedora 11 successfully installed. I'm currently trying to work with iptables. Some info:

# uname -r
2.6.30.5-43.fc11.i586
# iptables -V
iptables v1.4.3.1

I tried to redirect the rules list to a file, for future inspection:

# cd /root/iptables/
# iptables -L > org-output
# cat org-output
# ls -l
total 0
-rwxrwxrwx. 1 root root 0 2009-10-27 03:13 org-output

However, I can do this:

# echo whatever > org-output
# cat org-output
whatever

Then I tried to do the same in my PC, it has Debian Lenny installed:

box:/home/user# uname -r
2.6.26-2-amd64
box:/home/user# iptables -V
iptables v1.4.2
box:/home/user# iptables -L > org-output
box:/home/user# cat org-output
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I think I'm missing some simple configuration parameter, but I don't know what could it be.
Sorry for my English is not so well, I do the best I can.
Thanks everybody in advance.

Does the rules list print to the screen if you do this:

If so, then this should also work:

I just tested it.

Yes, sorry if I didn't let that clear. That's precisely the problem: screen output works. I'm not gonna type all output, but it is just like a normal "iptables -L" one:

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED, ESTABLISHED
ACCEPT icmp -- anywhere anywhere

[...]

An so on, listing of course FORWARD and OUTPUT chains, etc.
I tried also changing output file destination directory and name (even using "dump.txt"), and still doesn't work.
I know it seems hard to believe...

from the really good HOWTO http://www.linuxhomenetworking.com/w...Using_iptables

Thanks, but sometimes it's hard to explain the nature of the problem.

I know that command exists (it's iptables-save, in fact, and it works), but i am not looking for an alternative way to do this. I wish to save the exact output of iptables -L, or at least to know why it isn't working by this way. Let's say that the following questions are related:

Why it isn't working? Why did it work in Lenny? Do you think it's related to iptables set itself, or there's something I'm missing about redirection mechanism?

The background of this is that I did have other strange problems with F11 command-line standard commands (like cp), and I need to distinguish between distro serious problems and my ignorance ;) .

Have you tried:

More words specifically related to the problem, and fewer words of background, would help.

Yes, no errors were listed. It created again an empty file called output.txt

I finally did:
It worked, and I got the output, but I'm still wondering why the original redirection doesn't work.

I was just trying that nice people like Chrism01 doesn't waste his/her time, because I'm focused in "iptables -L" output, and I'm curious about redirection behavior.
Not so much to say about the problem itself. I tried overwriting an existing file, adding options to the command (i.e, iptables -L -n, iptables -L -v), adding output to the file (i.e., using ">>"), and reading iptables and bash documentation.
If you don't have patience for beginners, maybe you shouldn't answer his questions.
Thanks anyway.

This is a really old thread, but Google sent me here and as there was no posted solution, I figured I'd update with my fix. I'm running RHEL 6 and temporarily disabling selinux solved the issue for me. Command to do that is "echo 0 > /selinux/enforce". To change back, "echo 1 > /selinux/enforce".

To summarize, the regular "iptables -L" and "iptables-save" commands produce the expected result. If I try to redirect that output to a file, however, no output is written to the file. Here's a demonstration:

[root@store1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- myhost anywhere tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@store1 ~]# iptables -L > iptables.out
[root@store1 ~]# cat iptables.out
[root@store1 ~]#
[root@store1 ~]# \rm iptables.out
[root@store1 ~]# echo 0 > /selinux/enforce
[root@store1 ~]# iptables -L > iptables.out
[root@store1 ~]# cat iptables.out
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- myhost anywhere tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Thanks misterdot. I moved to Debian definitively a long time ago. But your answer is the only one that provides a clue. ;)