IPtables Installation And Configuration task failure

Hi Team,

I have followed these steps in all the application servers.

Install and Enable Iptables:

Perform the following steps to install Iptables on a CentOS 7 system:

  1. Run the following command to install the iptables-service package from the CentOS repositories:

yum install iptables-services

  1. Once the package is installed start the Iptables service:
    systemctl start iptables

systemctl start ip6tables

3.Enable the Iptables service to start automatically on system boot:

systemctl enable iptables
systemctl enable ip6tables

4.Check the iptables service status with:

systemctl status iptables
systemctl status ip6tables

  1. To check the current iptables rules use the following commands:

iptables -nvL
ip6tables -nvL

  1. To block incoming port # 6100, use the below command.
    iptables -A INPUT -p tcp --destination-port 6100 -j DROP

7.Save the iptables for rules to be persistent across reboots.
service iptables save

8.To block outgoing port # 6100, use the below command.
iptables -A OUTPUT -p tcp --destination-port 6100 -j DROP

9.Save the iptables for rules to be persistent across reboots.
service iptables save

But it is marked as Failed and in between my session got disconnected before finishing.Please do check and let me know where i made mistake.

My session has also failed…I don’t know where i did mistake…Please consolidate the same…

@pkulkarn Did the question says block outgoing as well?

@Surendar @pkulkarn

What were the errors that were reported once the task failed. That can perhaps help you determine.

@ali.za.ac… Can you please help with below issue. I have saved the rules permanently after modifying IP Tables. --> “service iptables save”

@Akash24
for the second line I had -j REJECT … rather than drop …
Also did you stop and start the service ? and when you save you gotta save to >/etc/sysconfig/iptables

sudo systemctl restart iptables

iptables-save > /etc/sysconfig/iptables

Issue was with connection to app1 so drop or reject shouldn’t matter. And also as per my understanding service iptables save ==> will save the changes in /etc/sysconfig/iptables file… @Inderpreet … Please correct me if I am wrong here…