Application Security

Hi There ,

I got this task of creating iptables rules for accepting all the incoming connections to the Nginx port 8093 and Blocking all the incoming connections to the Apache port 8083. I have added the following rules

sudo iptables -A INPUT -p tcp --dport 8093 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 8083 -m conntrack --ctstate NEW -j REJECT

and executed both sudo service iptables save and iptables-save to save it permanently. And I was able to see the rules in the files /etc/sysconfig/iptables and /etcsysconfig/iptables.save

But the task has been marked failed with the reason as
Either firewall rule was not added for Apache port (8083) or rule was not permanently added on Backup server.

Could anyone let me know where it has went wrong.

Thanks for reporting. We will check and get back to you.

This task is failed for me as well. i have modified the ipv4 and ipv6 tables as per the question.
question was to allow incomins on 8096(nginx) and rejecting incomings on 8086(Apache)

1 Like

Thanks for reporting. We will take a look.

Hello,

Thank you guys for reporting this issue. We figured out some issue with the validation and fixed the same.

I am manually marking these tasks as Completed for both of you. Sorry for this inconvenience.

Thanks
Inderpreet

3 Likes

@nsuriya239 @Inderpreet @hprasanna
how to save iptables rules permanently?
not finding it on google or unable to follow the commands mentioned there.
any help or hint would be much appeciated.
thanks,
Swaroop

Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:

/sbin/service iptables save

Reference: RedHat

iptables-save - how to use this command. in order to save iptables permanently, this command has to be used.
for the sake of validating my results, if I open below two files in editing mode.


iptables - file has the rules I set, however
iptables.save - file does not have the rules I set.
so I think on restart it wont save the iptables rules I set. hence, this needs to be made permanent.
@Inderpreet @hprasanna @nsuriya239
one of you please check and advise.

I am trying below commands:

here’s one way to do it:

yum install iptables-services ( if not present already)
service iptables save (to save the current iptables rules, the rules will be saved in /etc/sysconfig/iptables)
service iptables restart (optional, if needed to reload)

4 Likes

Hello, this permission error is caused when the shell tried to write the redirected output from iptables-save command. Because the writing in $ [command] > [file] is handled by the shell even if the command itself is run with sudo.

Try the following command to write /etc/sysconfig/iptables as root:

sudo iptables-save | sudo tee /etc/sysconfig/iptables-config

tee command takes stdout and write the output to a file.