job fails for "restart iptables"

[esolve]

I want to install tigervnc server on a remote server, by following this article:
zeusville.wordpress.com/2012/01/27/setting-up-vncserver-on-fedora-

after

Code:

sudo vi /etc/sysconfig/iptables

Add this to the file:

Code:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT

then restart iptables

Code:

sudo systemctl restart iptables.service
Job failed. See system logs and 'systemctl status' for details.

job failed, I checked the system logs

Code:

Oct  8 00:13:49 canard iptables.init[4178]: iptables: Applying firewall rules: iptables-restore: line 1 failed
Oct  8 00:13:49 canard iptables.init[4178]: [FAILED]
Oct  8 00:13:49 canard systemd[1]: iptables.service: main process exited, code=exited, status=1
Oct  8 00:13:49 canard systemd[1]: Unit iptables.service entered failed state.
Oct  8 00:15:11 canard avahi-daemon[951]: Invalid response packet from host 138.96.198.100.

how to deal with this?
thanks

[atreyu]

Hi,

You may want to just trying adding the rule to the running iptables configuration, to see if it works, before writing it to the config file, e.g.:

Code:

systemctl stop iptables.service
systemctl start iptables.service
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT

if you are happy, then write it to a config file, e.g.:

Code:

iptables-save > /etc/sysconfig/iptables

but make a backup first.

Edit: I forgot - if that doesn't work (or even if it does), you can post the entire contents of /etc/sysconfig/iptables file

[Lazydog]

One thing to keep in mind is the '-A' appends the rule to the end of the chain. If there are any rules above this that effect the packet are it travels down the chain, i.e., DROP then the packet will never reach this chain.