IPtables Installation And Configuration - Failed

still same issue.
@andrzej @Inderpreet @mouador
Please check and advise. thank you

Not sure , but if you save the iptables and also restart the service the rules which are set by us get removed, just save those iptables and then try curling through lb host.
In 2nd SS , we can clearly see that those are rules aren’t set when we list all the iptables.


From the second image you provided, there is no added rule.

Hi Akshay,
I am setting the iptables rules from the user account i.e. tony in case of app1 server. After that, I am saving the iptables service and restarting the iptables services.
when I list the iptables after that. I don’t see them listed under the results either when I try to open the iptables there also my changes won’t be saved.
let me know if I am missing anything here?

but my first screenshot has the rules which you can see. I am also saving the iptables and restarting the services too.


  1. What is the output of this command:
    iptables -L INPUT -n --line-numbers

  2. only ssh service by default is allowed when installing iptables; all other traffic are denied

  3. Hint: if you add iptables rule to the INPUT chain using -A flag, it will be appended to the end of rules and you will get always the " no route to host" error message.

Us my collegue @Devops said, Uhave appended the rule to the end with -A, U have to add it with -I flag
and save your work
Good luck


As others have mentioned, your iptables is fine but you were APPENDING the rule rather than INSERTING it. APPENDING (INPUT -A) simply add your rule to the bottom of the CHAIN but INSERTING (INPUT -I) adds it to the top. As you might be aware, iptables reads the rule from top to bottom.

For anyone trying this, try not to delete any pre-existing rule in the table, explicitly INSERT your own rules.
for example, the rule sudo iptables -I INPUT -p tcp ! -s --dport 6300 -j REJECT seems ok to block all connection to the 6300 port and allow only connection from IP but it requires removing the pre-existing DENY rule at INPUT chain 5 in order to work, even after saving your iptables across reboot the system still marks you as fail probably because it could not see the DENY rule.


Please advise.

still same issue.
please advise.

Hy @swaroopcs88,

if you add iptables rule to the INPUT chain using -A flag, it will be appended to the end of rules and you will get always the " no route to host" error message, so you have to appy the rule with -I like that :
iptables -I INPUT -p tcp -s --dport 8086 -j ACCEPT then save the rules


Please follow @mouador explanation. In this task -A flag will always lead to " no route to host".

If you see my attached screenshots above. I am using -I option only.
am I missing anything? sorry for bugging you. thank you

1 Like


iptables -I INPUT -p tcp -!s --dport 3003 -j REJECT

Then, after saving this rule, you should see it at top of iptables rules.

1 Like

@mouador @Devops @azak @akshayyw

Dear Friends!
Thank you for your continued support.
Failing three times, finally, I was able to complete the task.


Great Swaroop! Keep Going!


Appreciated your work. Keep Learning!! :+1:

1 Like

How were you able to pass this task.
What did you do different?