IPtables Installation And Configuration - Failed

still same issue.
@andrzej @Inderpreet @mouador
Please check and advise. thank you

Not sure, but if you save the iptables and also restart the service, the rules which are set by us get removed; just save those iptables and then try curling through the LB host.
In the 2nd SS, we can clearly see that those rules aren't set when we list all the iptables.

@swaroopcs88

From the second image you provided, there is no added rule.

Hi Akshay,
I am setting the iptables rules from the user account, i.e. tony in the case of the app1 server. After that, I am saving the iptables service and restarting the iptables services.
When I list the iptables after that, I don't see them listed in the results either; when I try to open the iptables, there also my changes won't be saved.
Let me know if I am missing anything here?
thanks
Swaroop

But my first screenshot has the rules, which you can see. I am also saving the iptables and restarting the services too.
thanks
Swaroop

@swaroopcs88

  1. What is the output of this command:
    iptables -L INPUT -n --line-numbers

  2. Only the ssh service is allowed by default when installing iptables; all other traffic is denied.

  3. Hint: if you add an iptables rule to the INPUT chain using the -A flag, it will be appended to the end of the rules and you will always get the "no route to host" error message.

As my colleague @Devops said, you have appended the rule to the end with -A; you have to add it with the -I flag
and save your work.
Good luck

@swaroopcs88

As others have mentioned, your iptables is fine, but you were APPENDING the rule rather than INSERTING it. APPENDING (INPUT -A) simply adds your rule to the bottom of the CHAIN, but INSERTING (INPUT -I) adds it to the top. As you might be aware, iptables reads the rules from top to bottom.

For anyone trying this, try not to delete any pre-existing rule in the table; explicitly INSERT your own rules.
For example, the rule sudo iptables -I INPUT -p tcp ! -s 172.16.238.14 --dport 6300 -j REJECT seems OK to block all connections to the 6300 port and allow only connections from the 172.16.238.14 IP, but it requires removing the pre-existing DENY rule at INPUT chain 5 in order to work; even after saving your iptables across reboot, the system still marks you as fail, probably because it could not see the DENY rule.
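To make the top-to-bottom evaluation concrete, here is an added Python model of INPUT-chain matching (example code written for this thread, not from iptables or anyone's lab). It assumes a constructed chain with SSH allowed and a catch-all REJECT, and shows that the same 172.16.238.14 rule is dead when appended with -A but effective when inserted with -I, and that the negated 6300 rule needs an inserted ACCEPT for the LB rather than deleting the existing DENY rule.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    target: str                   # ACCEPT, REJECT or DROP; None fields match anything
    proto: Optional[str] = None   # -p tcp
    src: Optional[str] = None     # -s <ip>
    src_negate: bool = False      # True models "! -s <ip>"
    dport: Optional[int] = None   # --dport <port>
    def matches(self, proto: str, src: str, dport: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.src is not None and (self.src == src) == self.src_negate:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True

def evaluate(chain: List[Rule], proto: str, src: str, dport: int) -> str:
    """Walk the chain top to bottom; the first matching rule decides the verdict."""
    for rule in chain:
        if rule.matches(proto, src, dport):
            return rule.target
    return "ACCEPT"  # chain policy when nothing matched (assumed ACCEPT here)

def base_chain() -> List[Rule]:
    # Constructed stand-in for the lab's pre-existing INPUT chain: SSH allowed,
    # then a catch-all REJECT, the source of the "No route to host" error.
    return [Rule("ACCEPT", proto="tcp", dport=22), Rule("REJECT")]

def append(chain: List[Rule], rule: Rule) -> List[Rule]:  # iptables -A INPUT ...
    return chain + [rule]
def insert(chain: List[Rule], rule: Rule, pos: int = 1) -> List[Rule]:  # iptables -I INPUT [pos] ...
    return chain[:pos - 1] + [rule] + chain[pos - 1:]

LB = "172.16.238.14"
ALLOW_LB = Rule("ACCEPT", proto="tcp", src=LB, dport=8086)
BLOCK_OTHERS = Rule("REJECT", proto="tcp", src=LB, src_negate=True, dport=6300)

def verdict_appended() -> str:  # -A lands ALLOW_LB below the catch-all: never reached
    return evaluate(append(base_chain(), ALLOW_LB), "tcp", LB, 8086)
def verdict_inserted() -> str:  # -I makes it rule 1: matched before the catch-all
    return evaluate(insert(base_chain(), ALLOW_LB), "tcp", LB, 8086)

def verdict_negated(src: str, with_accept: bool) -> str:
    # "! -s LB --dport 6300 -j REJECT" alone still lets LB traffic fall through to the
    # catch-all; an explicit ACCEPT inserted above it fixes that without deleting rules
    chain = insert(base_chain(), BLOCK_OTHERS)
    if with_accept:
        chain = insert(chain, Rule("ACCEPT", proto="tcp", src=LB, dport=6300))
    return evaluate(chain, "tcp", src, 6300)
```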

@Devops

Please advise.

@mouador
still same issue.
please advise.
thanks

Hi @swaroopcs88,

If you add an iptables rule to the INPUT chain using the -A flag, it will be appended to the end of the rules and you will always get the "no route to host" error message, so you have to apply the rule with -I like this:
iptables -I INPUT -p tcp -s 172.16.238.14 --dport 8086 -j ACCEPT, then save the rules.

@swaroopcs88

Please follow @mouador's explanation. In this task, the -A flag will always lead to "no route to host".

If you see my attached screenshots above, I am using the -I option only.
Am I missing anything? Sorry for bugging you. Thank you


@swaroopcs88

iptables -I INPUT -p tcp ! -s 172.16.238.14 --dport 3003 -j REJECT

Then, after saving this rule, you should see it at the top of the iptables rules.


@mouador @Devops @azak @akshayyw

Dear Friends!
Thank you for your continued support.
After failing three times, I was finally able to complete the task.


Great Swaroop! Keep Going!


Appreciated your work. Keep Learning!! :+1:


@swaroopcs88
How were you able to pass this task?
What did you do differently?