  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,778

    To add and remove iptables rule


    Hi folks,

    Ubuntu 8.04


    To input a rule, do I run;

    $ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    Then run;

    $ sudo iptables-save > rules-saved

    to save that rule?


    To display/check it;

    $ sudo iptables -L
    the rule will be displayed

    To remove the above rule, do I run;

    $ sudo iptables -P INPUT DROP INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    Then run again;

    $ sudo iptables-save > rules-saved

    $ sudo iptables -L
    the rule will disappear
    ???

    TIA


    B.R.
    satimis

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Do the following:

    Code:
    sudo iptables -P INPUT DROP
    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables-save > rules-saved
    sudo iptables -P INPUT DROP INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    is not correct.

    Also I would place the ESTABLISHED,RELATED at the top of the chain.

    Here is a tutorial for iptables

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
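
A small script that puts the add/check/remove/save steps from this exchange together, added here as an example and not code posted in the thread; IPTABLES, IPTABLES_SAVE and SAVE_FILE are assumed names that can be overridden. It relies on iptables -C, which needs iptables 1.4.11 or later (newer than what Ubuntu 8.04 shipped); on older versions list with `iptables -L INPUT -n --line-numbers` and delete with `-D INPUT <n>`, or with the same `-D INPUT <spec>` form used below, which has always existed.

```shell
#!/bin/sh
# Added example (not code from the thread): add, check, remove and save the
# ESTABLISHED,RELATED rule idempotently. IPTABLES, IPTABLES_SAVE and SAVE_FILE
# are assumptions; override e.g. IPTABLES=echo to print instead of run as root.
IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
SAVE_FILE="${SAVE_FILE:-rules-saved}"
# Match/target part of the rule. -I/-A, -C and -D must all use exactly the
# same spec, otherwise -C and -D will not find the rule that -A added.
RULE="-m state --state ESTABLISHED,RELATED -j ACCEPT"

# 0 if an identical rule already exists in INPUT, 1 if not.
rule_present() { $IPTABLES -C INPUT $RULE 2>/dev/null; }

# Insert at position 1 so it is matched before anything else in INPUT
# (the ordering Lazydog recommends); do nothing if it is already there.
add_rule() {
    if rule_present; then
        echo "rule already present, nothing to do"
    else
        $IPTABLES -I INPUT 1 $RULE
    fi
}

# -D with the same spec removes the first rule matching it.
remove_rule() {
    if rule_present; then
        $IPTABLES -D INPUT $RULE
    else
        echo "rule not present, nothing to delete"
    fi
}

# Tighten the default policy only after the state rule is in place, so
# replies for the session you are administering from are still accepted.
set_drop_policy() {
    add_rule
    $IPTABLES -P INPUT DROP
}

# Persist the current ruleset; iptables-restore < "$SAVE_FILE" reloads it.
save_rules() { $IPTABLES_SAVE > "$SAVE_FILE"; }

case "${1:-}" in
    add)    add_rule; save_rules ;;
    remove) remove_rule; save_rules ;;
    lock)   set_drop_policy; save_rules ;;
    status) $IPTABLES -L INPUT -n --line-numbers ;;
    *)      echo "usage: $0 add|remove|lock|status" >&2 ;;
esac
```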

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,778
    Quote Originally Posted by Lazydog View Post
    Do the following:

    Code:
    sudo iptables -P INPUT DROP
    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables-save > rules-saved
    sudo iptables -P INPUT DROP INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    is not correct.

    Also I would place the ESTABLISHED,RELATED at the top of the chain.

    Here is a tutorial for iptables
    Hi Lazydog,

    Thanks for your advice and URL.

    # iptables -P INPUT DROP
    No complaint

    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    Code:
    iptables: No chain/target/match by that name
    # /etc/init.d/shorewall restart
    Code:
    Restarting "Shorewall firewall": not done (check /var/log/shorewall-init.log).
    # tail /var/log/shorewall-init.log
    Code:
      Shorewall is not running
    15:59:31 Starting Shorewall....
    15:59:31 Initializing...
    15:59:31 Clearing Traffic Control/QOS
    15:59:31 Deleting user chains...
    iptables: No chain/target/match by that name
       ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    Terminated
    This is a virtual machine running OpenVZ. Shorewall is running on the guest. No iptable rules have been set on the host.

    Host
    $ sudo iptables -L
    Code:
    [sudo] password for satimis: 
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Guest

    # iptables -L
    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0              anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    
    ACCEPT     all  --  0.0.0.0              0.0.0.0             
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    I have been held for 2 days without a solution. Googling brought me some info saying the problem comes from the OpenVZ kernel.

    Guest;

    /# uname -r
    Code:
    2.6.24-24-openvz

    I have another virtual machine running Xen. Shorewall is running there without problem.


    B.R.
    satimis
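
A check for the "No chain/target/match by that name" error shown above, added as an example rather than anything posted in the thread: it reads /proc/net/ip_tables_matches, the kernel's list of currently registered IPv4 matches, and reports whether the state match the rule needs is available. MATCHES_FILE is an assumed, overridable path.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the running kernel
# exposes the "state" match before trying to add a rule that uses it.
# The kernel lists registered IPv4 matches, one name per line, in
# /proc/net/ip_tables_matches; MATCHES_FILE is an assumption for testing.
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"

# 0 if NAME is a whole line of FILE, 1 otherwise (also 1 when FILE does not
# exist, which means ip_tables itself is not loaded).
match_listed() {   # $1 = match name, $2 = file
    [ -r "$2" ] && grep -qx "$1" "$2"
}

# Prints one word describing whether "-m state" can be used:
#   available    - xt_state/ipt_state is registered
#   missing      - ip_tables is loaded but the state match is not; on a
#                  normal host iptables would modprobe it on first use, but
#                  an OpenVZ guest cannot load modules itself and the host
#                  decides what is available, so the rule fails with
#                  "iptables: No chain/target/match by that name"
#   no-ip_tables - the proc file is absent entirely
state_match_status() {
    if match_listed state "$MATCHES_FILE"; then
        echo available
    elif [ -r "$MATCHES_FILE" ]; then
        echo missing
    else
        echo no-ip_tables
    fi
}

state_match_status
```

Run it inside the guest and on the Xen machine where Shorewall works; a "missing" result on the OpenVZ guest alone points at the container's module set rather than at the Shorewall configuration.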

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You are using shorewall as your firewall, why are you trying to configure it by hand?
    Use the GUI to configure shorewall.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #5
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,778
    Quote Originally Posted by Lazydog View Post
    You are using shorewall as your firewall why are you trying to configure it by hand?
    Use the GUI to configure shorewall.
    Hi Robert,

    The Shorewall has been configured. I followed the following documents to do it;

    Firewall
    Shorewall
    How to set up a mail server on a GNU / Linux system


    The same config is working on another virtual machine running Xen. I'm going to remove shorewall and run iptables instead. What basic rules would you suggest? Thanks


    B.R.
    satimis

  6. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    This would all depend on what you want to allow in/out from the box.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
