I got this task of creating iptables rules for accepting all the incoming connections to the Nginx port 8093 and blocking all the incoming connections to the Apache port 8083. I have added the following rule:
sudo iptables -A INPUT -p tcp --dport 8083 -m conntrack --ctstate NEW -j REJECT
and executed both sudo service iptables save and iptables-save to save it permanently. I was able to see the rules in the files /etc/sysconfig/iptables and /etc/sysconfig/iptables.save.
But the task has been marked as failed with the reason "Either firewall rule was not added for Apache port (8083) or rule was not permanently added on Backup server."
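The full rule set for the task, as an added example that is not from the original post or the lab environment: the ACCEPT rule for the Nginx port that the post does not show, the REJECT rule for the Apache port, and a check over an iptables-save dump (live output or the saved file). The check also catches the usual reason a correctly written rule "is not added": it was appended with -A after CentOS's default catch-all REJECT rule at the end of INPUT, so it is never reached. The port numbers are the ones in the post; the sample dumps are constructed, not captured from a host.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes a CentOS/RHEL host with
# iptables-services; 8093 = nginx (allow), 8083 = Apache (reject), as in the task.

NGINX_PORT=8093
APACHE_PORT=8083

# Insert (-I) the rules at the top of INPUT so they are matched before any
# existing catch-all REJECT/DROP rule. With -A they land after such a rule and
# never match, even though `iptables -L` shows them. Needs root.
apply_rules() {
    iptables -I INPUT 1 -p tcp --dport "$NGINX_PORT" -m conntrack --ctstate NEW -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport "$APACHE_PORT" -m conntrack --ctstate NEW -j REJECT
}

# check_input_chain: read an iptables-save dump on stdin (`iptables-save` or
# /etc/sysconfig/iptables) and return 0 only if the filter table's INPUT chain
# has the ACCEPT for $NGINX_PORT, not preceded by a bare REJECT/DROP that would
# shadow it, and the REJECT for $APACHE_PORT. Prints the reason on failure.
check_input_chain() {
    awk -v nginx="$NGINX_PORT" -v apache="$APACHE_PORT" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        # a REJECT/DROP with no match criteria blocks every rule after it
        /^-A INPUT (-p tcp )?-j (REJECT|DROP)/ && !found_accept { shadowed = 1 }
        $0 ~ ("--dport " nginx " ") && /-j ACCEPT/ && !shadowed { found_accept = 1 }
        $0 ~ ("--dport " apache " ") && /-j REJECT/ { found_reject = 1 }
        END {
            if (!found_accept) { print "missing or shadowed ACCEPT for port " nginx; exit 1 }
            if (!found_reject) { print "missing REJECT for port " apache; exit 1 }
            print "rules ok"
        }'
}

# Constructed dump in iptables-save format. $1 = inserted | appended decides
# whether the two task rules sit before or after the default catch-all REJECT.
sample_dump() {
    rules='-A INPUT -p tcp -m tcp --dport 8093 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    if [ "$1" = inserted ]; then echo "$rules"; fi
    echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$1" = appended ]; then echo "$rules"; fi
    echo 'COMMIT'
}

# On a real host: iptables-save | check_input_chain
# and after saving:  check_input_chain < /etc/sysconfig/iptables
```

Run the check against both the live dump and the saved file: a rule set that passes live but fails from the file is exactly the "not permanently added" case.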
This task has failed for me as well. I have modified the IPv4 and IPv6 tables as per the question.
The question was to allow incoming connections on 8096 (nginx) and reject incoming connections on 8086 (Apache).
@nsuriya239 @Inderpreet @hprasanna
How do I save iptables rules permanently?
I'm not finding it on Google, or I'm unable to follow the commands mentioned there.
Any help or hint would be much appreciated.
Thanks,
Swaroop
Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:
iptables-save - how do I use this command? In order to save iptables permanently, this command has to be used.
For the sake of validating my results, I opened the two files below in editing mode:
iptables - this file has the rules I set; however,
iptables.save - this file does not have the rules I set.
So I think on restart it won't keep the iptables rules I set; hence, this needs to be made permanent. @Inderpreet @hprasanna @nsuriya239
One of you please check and advise.
yum install iptables-services (if not present already)
service iptables save (to save the current iptables rules, the rules will be saved in /etc/sysconfig/iptables)
service iptables restart (optional, if needed to reload)
Hello, this permission error is caused when the shell tries to write the redirected output from the iptables-save command, because the writing in $ [command] > [file] is handled by the shell even if the command itself is run with sudo.
Try the following command to write /etc/sysconfig/iptables as root:
sudo iptables-save | sudo tee /etc/sysconfig/iptables-config
The tee command takes stdout and writes the output to a file.
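Saving the rule set as root and checking that it actually persisted, as an added example that is not part of the service iptables save steps or the tee answer above. It assumes CentOS/RHEL 7 with the iptables-services package, where the rule set lives in /etc/sysconfig/iptables and /etc/sysconfig/iptables-config holds only the service's options (rules written there are never restored). Two things make a save "permanent": the file on disk must match the running rule set, and iptables.service must be enabled so the file is restored at boot, with firewalld out of the way. The sample dumps are constructed, not captured from a host.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes CentOS/RHEL 7 with
# iptables-services: rules file is /etc/sysconfig/iptables, service is iptables.

RULES_FILE=/etc/sysconfig/iptables

# Three equivalent ways to write the running rule set to $RULES_FILE as root.
# A bare `sudo iptables-save > $RULES_FILE` fails: the redirection is opened by
# the unprivileged shell, not by the sudo'ed command. Needs root.
save_rules() {
    service iptables save
    # or: sudo sh -c "iptables-save > $RULES_FILE"
    # or: sudo iptables-save | sudo tee "$RULES_FILE" >/dev/null
}

# iptables.service restores $RULES_FILE at boot; it must be enabled, and
# firewalld must not be running alongside it rewriting the tables. Needs root.
enable_at_boot() {
    systemctl disable --now firewalld 2>/dev/null || true
    systemctl enable --now iptables
    systemctl is-enabled iptables
}

# normalize_dump: drop the timestamp comments and zero the chain counters so two
# dumps of the same rule set taken at different times compare equal.
normalize_dump() {
    sed -e '/^# Generated by/d' -e '/^# Completed on/d' \
        -e 's/\[[0-9]*:[0-9]*\]$/[0:0]/'
}

# rules_persisted RUNNING SAVED: return 0 if the two dumps (files, or "-" for
# stdin) describe the same rule set. On a host:
#   iptables-save | rules_persisted - /etc/sysconfig/iptables && echo persisted
rules_persisted() {
    running=$(cat -- "$1" | normalize_dump)
    saved=$(cat -- "$2" | normalize_dump)
    [ "$running" = "$saved" ]
}

# Constructed running rule set, as `iptables-save` would print it.
running_dump() {
cat <<'EOF'
# Generated by iptables-save on Tue Jan  2 10:00:00 2024
*filter
:INPUT ACCEPT [120:9600]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:6400]
-A INPUT -p tcp -m tcp --dport 8093 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Jan  2 10:00:00 2024
EOF
}

# Constructed saved files: one written after both rules were added (different
# timestamp and counters only), one written before the 8083 rule existed.
fresh_saved_dump() { running_dump | sed -e 's/10:00:00/10:05:00/' -e 's/\[120:9600\]/[0:0]/'; }
stale_saved_dump() { running_dump | grep -v 'dport 8083'; }
```

The stale case is the one the thread keeps hitting: the rules are visible in `iptables -L`, but the file that iptables.service restores was written earlier (or is a different file), so the comparison fails and so does the grader.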
I have done the setup and added it permanently. I can see the rules in /etc/sysconfig/iptables-config.
Can you please check why the task has been marked as failed?