[SOLVED] I have some trouble while applying iptables firewall rules

deltamaster · 01-08-2011, 02:03 AM

As you can see in the operation below:
I've make some rules in iptables and have them saved.
Then, I restarted iptables but got the following error information.
Applying iptables firewall rules: [FAILED]
Obviously the rules are not loaded.
Then I tried restoring them from the saved file, and got a success.
What could be the reason of the failure?

OS: red hat enterprise linux 5

Thank you.

Code:

[root@station19 certs]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  -- !192.168.0.0/24       0.0.0.0/0           tcp dpt:995 reject-with icmp-port-unreachable 
REJECT     udp  -- !192.168.0.0/24       0.0.0.0/0           udp dpt:995 reject-with icmp-port-unreachable 
REJECT     udp  -- !192.168.0.0/24       0.0.0.0/0           udp dpt:993 reject-with icmp-port-unreachable 
REJECT     tcp  -- !192.168.0.0/24       0.0.0.0/0           tcp dpt:993 reject-with icmp-port-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@station19 certs]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [FAILED]
[root@station19 certs]# iptables-restore < /etc/sysconfig/iptables
[root@station19 certs]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  -- !192.168.0.0/24       0.0.0.0/0           tcp dpt:995 reject-with icmp-port-unreachable 
REJECT     udp  -- !192.168.0.0/24       0.0.0.0/0           udp dpt:995 reject-with icmp-port-unreachable 
REJECT     udp  -- !192.168.0.0/24       0.0.0.0/0           udp dpt:993 reject-with icmp-port-unreachable 
REJECT     tcp  -- !192.168.0.0/24       0.0.0.0/0           tcp dpt:993 reject-with icmp-port-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

unSpawn · 01-09-2011, 06:11 AM

Quote:

Originally Posted by deltamaster

As you can see in the operation below: I've make some rules in iptables and have them saved. (..) What could be the reason of the failure?

No, we can't see that. We only see 'iptables' output, not the exact contents of your /etc/sysconfig/iptables* files, so anything trying to address the issue will remain speculation.

lazydog · 01-09-2011, 11:45 AM

Post the contents of /etc/sysconfig/iptables. It is easier to read then the output from the CLI.