LinuxQuestions.org

Linux - Newbie > Simple problem with IPTABLES (https://www.linuxquestions.org/questions/linux-newbie-8/simple-problem-with-iptables-717208/)

lanesi 04-06-2009 10:41 AM

Simple problem with IPTABLES
 
Hello friends,

I'm having big trouble because I'm new to Linux and know almost nothing about IPTABLES.
Well, I'd like to open some ports, and looking through the net I found a post teaching it step by step. I followed it as it said, but I stopped at an error that I think is pretty simple. Here we go:
My steps:

1) Open file /etc/sysconfig/iptables:
Code:

# vi /etc/sysconfig/iptables
(the archive was empty)

2) My archive is like this:
Code:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8767 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 8767 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 51234 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 51234 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 14534 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 14534 -j ACCEPT

I think that it's possible that I'm missing something here.

3) Save and close the file. Restart iptables:
Code:

# /etc/init.d/iptables restart

4) I got the error as follows:
Code:

Flushing firewall rules:                                  [  OK  ]
Setting chains to policy ACCEPT: mangle filter nat        [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed
                                                          [FAILED]

What can I do to get past that?

Thanks

Leandro Anesi

saagar 04-06-2009 11:31 AM

Try this:
1. iptables -F (flush all the contents)
2. service iptables save
3. service iptables restart

<the above 3 steps will flush all the previously stored contents>

4. Now start writing your rules.
For example, to block ssh to your server:

iptables -A INPUT -s <source address> -p tcp --dport 22 -j REJECT
iptables -A INPUT -s <source address> -p udp --dport 22 -j REJECT

5. Now list the written rules in the tables:
iptables -L
6. If correct, save them to /etc/sysconfig/iptables with the following command:

service iptables save
7. Now we need to restart the service:

service iptables restart
chkconfig iptables on

8. Hope this helps.

lanesi 04-06-2009 02:09 PM

Where do I put the rules?
 
Thanks for your answer.
I did the procedure, and now I have this:

Code:

# Generated by iptables-save v1.3.5 on Mon Apr  6 13:05:33 2009
*mangle
:PREROUTING ACCEPT [12184:1352710]
:INPUT ACCEPT [12184:1352710]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14088:2104250]
:POSTROUTING ACCEPT [14088:2104250]
COMMIT
# Completed on Mon Apr  6 13:05:33 2009
# Generated by iptables-save v1.3.5 on Mon Apr  6 13:05:33 2009
*filter
:INPUT ACCEPT [12184:1352710]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14088:2104250]
COMMIT
# Completed on Mon Apr  6 13:05:33 2009
# Generated by iptables-save v1.3.5 on Mon Apr  6 13:05:33 2009
*nat
:PREROUTING ACCEPT [845:55500]
:POSTROUTING ACCEPT [2351:190030]
:OUTPUT ACCEPT [2351:190030]
COMMIT
# Completed on Mon Apr  6 13:05:33 2009

In which place may I put my rules?

Thank you so much.

Leandro Anesi

Tinkster 04-06-2009 02:58 PM

As saagar said above: enter the rules interactively; when they show in iptables -L,
save them.

Alternatively, you should be able to just stick them in here:
Code:

:OUTPUT ACCEPT [2351:190030]
  < -- INSERT RULES HERE
COMMIT


Cheers,
Tink
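
As an added example (not code from this thread or from the iptables project), here is a small Python checker for the iptables-save format that iptables-restore reads from /etc/sysconfig/iptables. It reports the three structural conditions this thread turns on: rule lines outside any *table block (the "iptables-restore: line 1 failed" in the original post), a custom chain such as RH-Firewall-1-INPUT used without a ":CHAIN - [0:0]" declaration, and a table not closed with COMMIT. The sample files are constructed from the ports in the thread; the FIXED sample uses the RH-Firewall-1-INPUT layout that RHEL/CentOS 5 installs by default, which is an assumption about the poster's distribution that the thread does not state. The check is purely textual; the authoritative test is still iptables-restore --test on the real file.

```python
"""Structural checker for the iptables-save format used by /etc/sysconfig/iptables.

Added example, not code from the thread. It reproduces the failure in the
original post: rule lines with no *table header, no chain declarations and
no COMMIT, which iptables-restore rejects at line 1.
"""
import re
from typing import Dict, List, Set

# Built-in chains that exist implicitly in each table (assumption: standard
# netfilter tables; the exact set of nat chains depends on kernel version).
BUILTIN_CHAINS: Dict[str, Set[str]] = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
}

# Targets that are not user chains, so "-j X" needs no ":X - [0:0]" line.
TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG",
                    "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "MARK"}

CHAIN_DECL = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")   # :NAME POLICY [pkts:bytes]
RULE_LINE = re.compile(r"^-[AI]\s+(\S+)")                     # -A CHAIN ... / -I CHAIN ...
JUMP = re.compile(r"\s-j\s+(\S+)")


def check_iptables_save(text: str) -> List[str]:
    """Return a list of problems; an empty list means the file is structurally sound."""
    problems: List[str] = []
    table = None                 # name of the table currently open, or None
    declared: Set[str] = set()   # chains known in the open table
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table is not None:
                problems.append(f"line {lineno}: table *{table} has no COMMIT before *{line[1:]}")
            table = line[1:]
            declared = set(BUILTIN_CHAINS.get(table, set()))
            continue
        if line == "COMMIT":
            if table is None:
                problems.append(f"line {lineno}: COMMIT without an open *table")
            table = None
            continue
        if table is None:
            # Exactly what the original post hit: rules before any *table header.
            problems.append(f"line {lineno}: rule before any *table header")
            continue
        decl = CHAIN_DECL.match(line)
        if decl:
            declared.add(decl.group(1))
            continue
        rule = RULE_LINE.match(line)
        if not rule:
            problems.append(f"line {lineno}: unrecognised line: {line}")
            continue
        chain = rule.group(1)
        if chain not in declared:
            problems.append(f"line {lineno}: chain {chain} used in *{table} "
                            f"but not declared with ':{chain} - [0:0]'")
        jump = JUMP.search(line)
        if jump and jump.group(1) not in TERMINAL_TARGETS and jump.group(1) not in declared:
            problems.append(f"line {lineno}: jump target {jump.group(1)} is not a declared chain in *{table}")
    if table is not None:
        problems.append(f"end of file: table *{table} has no COMMIT")
    return problems


PORTS = (8767, 51234, 14534)   # the ports from the thread

# Constructed sample 1: the file from the original post (rule lines only).
BROKEN = "\n".join(
    f"-A RH-Firewall-1-INPUT -m state --state NEW -m {p} -p {p} --dport {port} -j ACCEPT"
    for port in PORTS for p in ("tcp", "udp")
) + "\n"

# Constructed sample 2: the same rules inside a complete *filter table, using the
# RH-Firewall-1-INPUT layout RHEL/CentOS 5 generates (assumed distribution).
FIXED = "\n".join([
    "*filter",
    ":INPUT ACCEPT [0:0]",
    ":FORWARD ACCEPT [0:0]",
    ":OUTPUT ACCEPT [0:0]",
    ":RH-Firewall-1-INPUT - [0:0]",
    "-A INPUT -j RH-Firewall-1-INPUT",
    "-A FORWARD -j RH-Firewall-1-INPUT",
    "-A RH-Firewall-1-INPUT -i lo -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    BROKEN.rstrip("\n"),
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
    "COMMIT",
]) + "\n"

# Constructed sample 3: rules pasted into *filter without declaring the custom chain.
UNDECLARED = ("*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n"
              + BROKEN + "COMMIT\n")

if __name__ == "__main__":
    for name, sample in (("original post", BROKEN), ("undeclared chain", UNDECLARED), ("fixed", FIXED)):
        found = check_iptables_save(sample)
        print(f"{name}: {'OK' if not found else found[0]}")
```

The checker only knows the file's shape (tables, chain declarations, rule lines, COMMIT); it does not validate match or target options, so a file it accepts can still be rejected by iptables-restore for an unknown module or a typo in an option.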

lanesi 04-06-2009 06:53 PM

Thanks
 
Thank you very much. You solved my problem.

Leandro Anesi
