Review your favorite Linux distribution.
 Home Forums HCL Reviews Tutorials Articles Register Search Today's Posts Mark Forums Read
 LinuxQuestions.org [SOLVED] Output redirection doesn't work with iptables (Fedora Core 11)
 User Name Remember Me? Password
 Linux - Newbie This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

 10-27-2009, 01:55 AM #1 andrei.wap LQ Newbie   Registered: Jul 2009 Location: Argentina Distribution: Debian Squeeze amd64 Posts: 16 Rep: Output redirection doesn't work with iptables (Fedora Core 11) Well, as I'm a newbie I don't understand this behavior: I have an old box, with Fedora 11 successfully installed. I'm currently trying to work with iptables. Some info: # uname -r 2.6.30.5-43.fc11.i586 # iptables -V iptables v1.4.3.1 I tried to redirect the rules list to a file, for future inspection: # cd /root/iptables/ # iptables -L > org-output # cat org-output # ls -l total 0 -rwxrwxrwx. 1 root root 0 2009-10-27 03:13 org-output However, I can do this: # echo whatever > org-output # cat org-output whatever Then I tried to do the same in my PC, it has Debian Lenny installed: box:/home/user# uname -r 2.6.26-2-amd64 box:/home/user# iptables -V iptables v1.4.2 box:/home/user# iptables -L > org-output box:/home/user# cat org-output Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I think I'm missing some simple configuration parameter, but I don't know what could it be. Sorry for my English is not so well, I do the best I can. Thanks everybody in advance.
10-27-2009, 03:06 AM   #2
lutusp
Member

Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep:
Quote:
 Originally Posted by andrei.wap Well, as I'm a newbie I don't understand this behavior: I have an old box, with Fedora 11 successfully installed. I'm currently trying to work with iptables. Some info: # uname -r 2.6.30.5-43.fc11.i586 # iptables -V iptables v1.4.3.1 I tried to redirect the rules list to a file, for future inspection: # cd /root/iptables/ # iptables -L > org-output # cat org-output # ls -l total 0 -rwxrwxrwx. 1 root root 0 2009-10-27 03:13 org-output However, I can do this: # echo whatever > org-output # cat org-output whatever Then I tried to do the same in my PC, it has Debian Lenny installed: box:/home/user# uname -r 2.6.26-2-amd64 box:/home/user# iptables -V iptables v1.4.2 box:/home/user# iptables -L > org-output box:/home/user# cat org-output Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I think I'm missing some simple configuration parameter, but I don't know what could it be. Sorry for my English is not so well, I do the best I can. Thanks everybody in advance.
Does the rules list print to the screen if you do this:

Code:
# iptables -L
If so, then this should also work:

Code:
# iptables -L > dump.txt
I just tested it.

10-27-2009, 07:56 AM   #3
andrei.wap
LQ Newbie

Registered: Jul 2009
Location: Argentina
Distribution: Debian Squeeze amd64
Posts: 16

Original Poster
Rep:
Quote:
 Originally Posted by lutusp Does the rules list print to the screen if you do this: Code: # iptables -L If so, then this should also work: Code: # iptables -L > dump.txt I just tested it.
Yes, sorry if I didn't let that clear. That's precisely the problem: screen output works. I'm not gonna type all output, but it is just like a normal "iptables -L" one:

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED, ESTABLISHED
ACCEPT icmp -- anywhere anywhere

[...]

An so on, listing of course FORWARD and OUTPUT chains, etc.
I tried also changing output file destination directory and name (even using "dump.txt"), and still doesn't work.
I know it seems hard to believe...

10-27-2009, 07:33 PM   #4
chrism01
LQ Guru

Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,462

Rep:
Quote:
 The service iptables save command permanently saves the iptables configuration in the /etc/sysconfig/iptables file.
from the really good HOWTO http://www.linuxhomenetworking.com/w...Using_iptables

10-28-2009, 05:45 PM   #5
andrei.wap
LQ Newbie

Registered: Jul 2009
Location: Argentina
Distribution: Debian Squeeze amd64
Posts: 16

Original Poster
Rep:
Quote:
 Originally Posted by chrism01 from the really good HOWTO http://www.linuxhomenetworking.com/w...Using_iptables
Thanks, but sometimes it's hard to explain the nature of the problem.

I know that command exists (it's iptables-save, in fact, and it works), but i am not looking for an alternative way to do this. I wish to save the exact output of iptables -L, or at least to know why it isn't working by this way. Let's say that the following questions are related:

Why it isn't working? Why did it work in Lenny? Do you think it's related to iptables set itself, or there's something I'm missing about redirection mechanism?

The background of this is that I did have other strange problems with F11 command-line standard commands (like cp), and I need to distinguish between distro serious problems and my ignorance .

10-28-2009, 07:33 PM   #6
lutusp
Member

Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep:
Quote:
 Originally Posted by andrei.wap Thanks, but sometimes it's hard to explain the nature of the problem. I know that command exists (it's iptables-save, in fact, and it works), but i am not looking for an alternative way to do this. I wish to save the exact output of iptables -L, or at least to know why it isn't working by this way. Let's say that the following questions are related: Why it isn't working? Why did it work in Lenny? Do you think it's related to iptables set itself, or there's something I'm missing about redirection mechanism? The background of this is that I did have other strange problems with F11 command-line standard commands (like cp), and I need to distinguish between distro serious problems and my ignorance .
Have you tried:

Code:
# iptables -L > output.txt 2>&1
Quote:
 Originally Posted by andrei.wap Thanks, but sometimes it's hard to explain the nature of the problem.
More words specifically related to the problem, and fewer words of background, would help.

10-28-2009, 11:18 PM   #7
andrei.wap
LQ Newbie

Registered: Jul 2009
Location: Argentina
Distribution: Debian Squeeze amd64
Posts: 16

Original Poster
Rep:
Quote:
 Originally Posted by lutusp Have you tried: Code: # iptables -L > output.txt 2>&1
Yes, no errors were listed. It created again an empty file called output.txt

I finally did:
Code:
iptables -L | grep '' > output.txt
It worked, and I got the output, but I'm still wondering why the original redirection doesn't work.

Quote:
 Originally Posted by lutusp More words specifically related to the problem, and fewer words of background, would help.
I was just trying that nice people like Chrism01 doesn't waste his/her time, because I'm focused in "iptables -L" output, and I'm curious about redirection behavior.
Not so much to say about the problem itself. I tried overwriting an existing file, adding options to the command (i.e, iptables -L -n, iptables -L -v), adding output to the file (i.e., using ">>"), and reading iptables and bash documentation.
If you don't have patience for beginners, maybe you shouldn't answer his questions.
Thanks anyway.

 03-15-2011, 02:15 PM #8 misterdot LQ Newbie   Registered: Mar 2011 Posts: 1 Rep: This is a really old thread, but Google sent me here and as there was no posted solution, I figured I'd update with my fix. I'm running RHEL 6 and temporarily disabling selinux solved the issue for me. Command to do that is "echo 0 > /selinux/enforce". To change back, "echo 1 > /selinux/enforce". To summarize, the regular "iptables -L" and "iptables-save" commands produce the expected result. If I try to redirect that output to a file, however, no output is written to the file. Here's a demonstration: [root@store1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- myhost anywhere tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@store1 ~]# iptables -L > iptables.out [root@store1 ~]# cat iptables.out [root@store1 ~]# [root@store1 ~]# \rm iptables.out [root@store1 ~]# echo 0 > /selinux/enforce [root@store1 ~]# iptables -L > iptables.out [root@store1 ~]# cat iptables.out Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- myhost anywhere tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination 1 members found this post helpful.
03-17-2011, 05:30 PM   #9
andrei.wap
LQ Newbie

Registered: Jul 2009
Location: Argentina
Distribution: Debian Squeeze amd64
Posts: 16

Original Poster
Rep:
Quote:
 Originally Posted by misterdot This is a really old thread, but Google sent me here and as there was no posted solution, I figured I'd update with my fix.
Thanks misterdot. I moved to Debian definitively a long time ago. But your answer is the only one that provides a clue.