Application Security

Hi There ,

I got this task of creating iptables rules for accepting all the incoming connections to the Nginx port 8093 and Blocking all the incoming connections to the Apache port 8083. I have added the following rules

sudo iptables -A INPUT -p tcp --dport 8093 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 8083 -m conntrack --ctstate NEW -j REJECT

and executed both sudo service iptables save and iptables-save to save it permanently. And I was able to see the rules in the files /etc/sysconfig/iptables and /etcsysconfig/

But the task has been marked failed with the reason as
Either firewall rule was not added for Apache port (8083) or rule was not permanently added on Backup server.

Could anyone let me know where it has went wrong.

Thanks for reporting. We will check and get back to you.

This task is failed for me as well. i have modified the ipv4 and ipv6 tables as per the question.
question was to allow incomins on 8096(nginx) and rejecting incomings on 8086(Apache)

1 Like

Thanks for reporting. We will take a look.


Thank you guys for reporting this issue. We figured out some issue with the validation and fixed the same.

I am manually marking these tasks as Completed for both of you. Sorry for this inconvenience.



@nsuriya239 @Inderpreet @hprasanna
how to save iptables rules permanently?
not finding it on google or unable to follow the commands mentioned there.
any help or hint would be much appeciated.

Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:

/sbin/service iptables save

Reference: RedHat

iptables-save - how to use this command. in order to save iptables permanently, this command has to be used.
for the sake of validating my results, if I open below two files in editing mode.

iptables - file has the rules I set, however - file does not have the rules I set.
so I think on restart it wont save the iptables rules I set. hence, this needs to be made permanent.
@Inderpreet @hprasanna @nsuriya239
one of you please check and advise.

I am trying below commands:

here’s one way to do it:

yum install iptables-services ( if not present already)
service iptables save (to save the current iptables rules, the rules will be saved in /etc/sysconfig/iptables)
service iptables restart (optional, if needed to reload)


Hello, this permission error is caused when the shell tried to write the redirected output from iptables-save command. Because the writing in $ [command] > [file] is handled by the shell even if the command itself is run with sudo.

Try the following command to write /etc/sysconfig/iptables as root:

sudo iptables-save | sudo tee /etc/sysconfig/iptables-config

tee command takes stdout and write the output to a file.

Hi Inderpreet,

Can you please check why the task has been marked as failed./etc/sysconfig/iptables-config.
I have done the set up and added permenantly.I can see the rules in

sudo iptables -A INPUT -p tcp --dport 8081-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 8099 -m conntrack --ctstate NEW -j REJECT

/sbin/service iptables save

saved the rules permanently and was able to verfiy in both /etc/sysconfig/iptables and /etcsysconfig/

but the task throwed message – Either firewall rule was not added for Nginx port ‘8099’ or rule was not permanently added on Backup server

@Inderpreet @player001 @kodekloud-support3

can you pls check did i do any mistake , faced 2 tasks problem in Linux find command and application security tasks can you pls check.
KKE : Sasi

Hello there… task marked as failed while the rules are working…

Best Regards…

@mdimitrov Seems like you missed to add them as permanent rules.