Not sure, but if you save the iptables and also restart the service, the rules which are set by us get removed; just save those iptables and then try curling through the lb host.
In the 2nd SS, we can clearly see that those rules aren't set when we list all the iptables.
Hi Akshay,
I am setting the iptables rules from the user account, i.e. tony in the case of the app1 server. After that, I am saving the iptables service and restarting the iptables service.
When I list the iptables after that, I don't see them listed in the results either; when I try to open the iptables, there also my changes won't be saved.
Let me know if I am missing anything here.
Thanks
Swaroop
But my first screenshot has the rules, which you can see. I am also saving the iptables and restarting the services too.
Thanks
Swaroop
What is the output of this command:
iptables -L INPUT -n --line-numbers
Only the ssh service is allowed by default when installing iptables; all other traffic is denied.
Hint: if you add an iptables rule to the INPUT chain using the -A flag, it will be appended to the end of the rules and you will always get the "no route to host" error message.
As my colleague @Devops said, you have appended the rule to the end with -A; you have to add it with the -I flag
and save your work
Good luck
As others have mentioned, your iptables is fine but you were APPENDING the rule rather than INSERTING it. APPENDING (INPUT -A) simply adds your rule to the bottom of the CHAIN but INSERTING (INPUT -I) adds it to the top. As you might be aware, iptables reads the rules from top to bottom.
For anyone trying this, try not to delete any pre-existing rule in the table; explicitly INSERT your own rules.
For example, the rule sudo iptables -I INPUT -p tcp ! -s 172.16.238.14 --dport 6300 -j REJECT seems OK to block all connections to port 6300 and allow only connections from the 172.16.238.14 IP, but it requires removing the pre-existing DENY rule at INPUT chain position 5 in order to work; even after saving your iptables across reboot, the system still marks you as failed, probably because it could not see the DENY rule.
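The top-to-bottom evaluation described above, as an added example (not code from the thread): a small Python model of an INPUT chain that shows why the -A form of the LB rule never fires while the -I form does, and why the negated REJECT from the previous post still blocks the LB host as long as the catch-all REJECT is in place. The two-rule default chain and the probe packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """One INPUT rule; unset fields match anything (constructed model)."""
    target: str                      # ACCEPT or REJECT
    proto: Optional[str] = None      # -p tcp
    src: Optional[str] = None        # -s 172.16.238.14
    src_negated: bool = False        # the '! -s' form
    dport: Optional[int] = None      # --dport 8086
    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.src is not None and (pkt["src"] == self.src) == self.src_negated:
            return False             # negated: match only when src differs
        return True

def verdict(chain, pkt, policy="ACCEPT"):
    """iptables walks the chain top to bottom; the first match decides."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy
def default_input_chain():
    """Stock INPUT chain in miniature: ssh allowed, then a catch-all REJECT
    (icmp-host-prohibited, which curl reports as 'No route to host')."""
    return [Rule("ACCEPT", proto="tcp", dport=22), Rule("REJECT")]
def append_rule(chain, rule):        # iptables -A INPUT ...
    chain.append(rule)
def insert_rule(chain, rule, pos=1): # iptables -I INPUT [pos] ...
    chain.insert(pos - 1, rule)

LB = "172.16.238.14"                 # load balancer address from the thread
LB_PROBE = {"proto": "tcp", "src": LB, "dport": 8086}   # constructed packet
def verdict_after(op):
    """op is 'append' (-A) or 'insert' (-I): verdict for the LB probe on 8086."""
    chain = default_input_chain()
    rule = Rule("ACCEPT", proto="tcp", src=LB, dport=8086)
    (append_rule if op == "append" else insert_rule)(chain, rule)
    return verdict(chain, LB_PROBE)  # append -> REJECT, insert -> ACCEPT
def negated_reject_verdict():
    """'! -s LB --dport 6300 -j REJECT' at the top: LB traffic skips it but
    still hits the catch-all REJECT, so that rule alone cannot allow the LB."""
    chain = default_input_chain()
    insert_rule(chain, Rule("REJECT", proto="tcp", src=LB, src_negated=True, dport=6300))
    return verdict(chain, {"proto": "tcp", "src": LB, "dport": 6300})  # REJECT
```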
Hi @swaroopcs88,
if you add an iptables rule to the INPUT chain using the -A flag, it will be appended to the end of the rules and you will always get the "no route to host" error message, so you have to apply the rule with -I like this:
iptables -I INPUT -p tcp -s 172.16.238.14 --dport 8086 -j ACCEPT then save the rules
If you see my attached screenshots above, I am using the -I option only.
Am I missing anything? Sorry for bugging you. Thank you
iptables -I INPUT -p tcp ! -s 172.16.238.14 --dport 3003 -j REJECT
Then, after saving this rule, you should see it at the top of the iptables rules.
@mouador @Devops @azak @akshayyw
Dear Friends!
Thank you for your continued support.
Failing three times, finally, I was able to complete the task.
Great Swaroop! Keep Going!
Appreciated your work. Keep Learning!!