[SOLVED] iptables help, don't think my changes saved
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When you do 'iptables-save' you must actually 'save' the output to your firewall script.
From the commands you did above, you did:
1) add the new rule
2) iptables-save to the screen (stdout)
3) iptables -L (which shows you the loaded iptables)
4) more iptables (this would show you a file called "iptables" if one exists in your current working directory)
I believe you should have (at step 2) dumped "iptables-save" into your firewall script, like:
shell# iptables-save > iptables
assuming your firewall script is named "iptables".
Once you add the line, the rule is implemented immediately. You don't need to restart iptables, as it's already 'kicked in'.
I'm not sure why the "-m tcp" appeared if you did not put it there, but maybe where you used "-p tcp" implies "-m tcp" automatically. Kinda makes sense-- if you want to match to TCP protocol (-p tcp), then -m is sort of implied. You'd need to check the man page or other docs to verify that this is precisely what's happening though.
For the record, here's a chunk of the iptables man page:
Code:
MATCH EXTENSIONS
iptables can use extended packet matching modules. These are loaded in two ways: implicitly, when -p or --protocol
is specified, or with the -m or --match options, followed by the matching module name; after these, various extra
command line options become available, depending on the specific module. You can specify multiple extended match
modules in one line, and you can use the -h or --help options after the module has been specified to receive help
specific to that module.
So the bold part does explain why the -m showed up: it was implied by -p
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.