iptables-restore error in CentOS

Hello friends,

First, sorry for my bad English :( I promise I'll improve :)

I'm new to Linode, but I can already tell I'm really enjoying the service.

I need to set up a small cPanel-based reseller (I have a license), and therefore have to use CentOS. I'm almost finished with the settings, but I came across a difficult problem to solve. I have already researched a lot and found nothing, so I'm asking the Linux masters here for help.

After changing the iptables settings and trying to apply them, I received the following error:

````
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore: unable to initialize table 'security'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
````

````
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
````

So I went back to the normal settings, and when I run

````
service iptables restart
````

the error appears again:

````
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore: unable to initialize table 'security'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
````

What's happening? How can I get iptables to accept my new setup?

Thanks in advance.

Regards!

Anndreh.

10 Replies

What does the file 'new-firewall-config' contain?

@hoopycat:

What does the file 'new-firewall-config' contain?

Sorry, hoopycat.

Here is the new-firewall-config code:

````
*filter

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Allows svnserve connections from anywhere
-A INPUT -p tcp --dport 3690 -j ACCEPT

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
````

> ````
> -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
> ````

This is the second time I've seen this typo in the past month. The correct syntax should be:

````
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
````

Travis

@otherbbs:

> This is the second time I've seen this typo in the past month. The correct syntax should be:
>
> ````
> -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
> ````
>
> Travis

Hi Travis,

Thanks for the help. In fact, there was a syntax error in the code. It's already corrected.

But now, when I run the iptables-restore command, a "no command specified" error is returned; see:

````
root@server [~]# iptables-restore new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
````

I've never seen this error before, maybe because I have always used Debian. What may be happening?

Thanks again.

Regards,

Andre.

You left out the `<`: `iptables-restore < new-firewall-config`.

@mnordhoff:

> You left out the `<`: `iptables-restore < new-firewall-config`.

Hi!

Sorry, I forgot that. But…

````
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
````

The same result :(

Any suggestions?

@Anndreh:

> Any suggestions?

Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.

Travis
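A scripted version of the procedure Travis describes, added here as an example; it is not code from any of the posts above. The first function does what iptables-restore v1.3.5 only hints at with "Error occurred at line: N": it walks the rules file and reports, with line numbers, the things that version chokes on: a `*security` table (iptables 1.3.5 knows only filter, nat, mangle and raw; the security table arrived with iptables 1.4.3 and Linux 2.6.29), the `! -i lo` negation form Travis corrected (1.3.5 accepts only `-i ! lo`), CRLF line endings, whitespace-only lines (which older iptables-restore parses as a rule line instead of skipping, hence "no command specified"), rules outside any table, and a table never closed with COMMIT. The second function loads the rules one at a time with plain iptables, so the first rejected rule is named, and then saves the result with iptables-save. The checks are heuristics built on the version limits discussed in this thread, the script name `check-rules.sh` in the usage comment is made up, and `/etc/sysconfig/iptables` is CentOS's location for the saved rules; `apply_one_by_one` needs root and a real iptables.

```shell
#!/bin/sh
# Added example for this thread, not code from any of the posts above.
# note MSG: print a finding as "file:line: MSG" (matches iptables-restore's
# "Error occurred at line: N") and remember that something was found.
note() { printf '%s\n' "$file:$n: $1"; found=1; }

# lint_rules FILE: static checks on an iptables-restore rules file.
# Returns 1 if anything suspicious was found, 0 otherwise.
lint_rules() {
    file="$1"; found=0; n=0; table=""
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in *"$cr"*)
            note "carriage return (CRLF line ending); fix with: tr -d '\\r' < $file > $file.unix"
            continue ;;
        esac
        trimmed="${line#"${line%%[![:blank:]]*}"}"   # leading blanks are ignored by the parser
        case "$trimmed" in
            "")
                if [ -n "$line" ]; then
                    note "whitespace-only line; old iptables-restore parses it as a rule with no command ('no command specified')"
                fi ;;
            \#*) ;;
            \**)
                table="${trimmed#\*}"
                case "$table" in
                    filter|nat|mangle|raw) ;;
                    *) note "table '$table' does not exist in iptables 1.3.5 (only filter, nat, mangle, raw)" ;;
                esac ;;
            COMMIT) table="" ;;
            :*|-*|\[*)
                if [ -z "$table" ]; then note "chain or rule before any '*table' line"; fi
                # '! -i lo' is the iptables 1.4 negation syntax; 1.3.5 only accepts '-i ! lo'
                case " $trimmed" in *" ! -"[iosdp]" "*)
                    opt="${trimmed#* ! -}"; opt="${opt%% *}"
                    note "'! -$opt' is not understood by iptables 1.3.5; write '-$opt ! value'" ;;
                esac ;;
            *) note "not a rule (-A, -I, ...), chain (:NAME), table (*name) or COMMIT" ;;
        esac
    done < "$file"
    if [ -n "$table" ]; then
        note "table '$table' is never closed with COMMIT, so none of its rules would be loaded"
    fi
    return $found
}

# apply_one_by_one FILE [OUT]: the procedure suggested above, scripted. Instead of
# feeding the whole file to iptables-restore (which loads nothing if any line
# fails), flush and add each rule with plain iptables so the offending line is
# named, then write the working set out with iptables-save. Needs root and a real
# iptables. OUT defaults to /etc/sysconfig/iptables, which "service iptables" on
# CentOS reads. Policies are set to ACCEPT before flushing: with a DROP policy,
# flushing over SSH would cut the session (the file above ends in -j REJECT anyway).
apply_one_by_one() {
    file="$1"; out="${2:-/etc/sysconfig/iptables}"
    lint_rules "$file" || return 1
    for c in INPUT FORWARD OUTPUT; do iptables -P "$c" ACCEPT || return 1; done
    for t in filter nat mangle; do iptables -t "$t" -F && iptables -t "$t" -X || return 1; done
    n=0; table=filter
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            \**) table="${line#\*}" ;;
            :*) # ":CHAIN POLICY [pkts:bytes]": -P for built-in chains, -N for user chains
                chain="${line#:}"; chain="${chain%% *}"
                policy="${line#* }"; policy="${policy%% *}"
                if [ "$policy" = "-" ]; then iptables -t "$table" -N "$chain"
                else iptables -t "$table" -P "$chain" "$policy"; fi || { note "rejected by iptables: $line" >&2; return 1; } ;;
            -*) # eval so quoted arguments such as --log-prefix "iptables denied: " survive
                eval "iptables -t \"\$table\" $line" || { note "rejected by iptables: $line" >&2; return 1; } ;;
        esac
    done < "$file"
    iptables-save > "$out"
}

# Usage: sh check-rules.sh new-firewall-config           (lint only)
#        sh check-rules.sh new-firewall-config --apply   (lint, then load rule by rule as root)
case "$#:${2:-}" in
    1:) lint_rules "$1" ;;
    2:--apply) apply_one_by_one "$1" ;;
esac
```

On iptables 1.4.x and later, `iptables-restore --test` parses the file without loading it, which makes most of `lint_rules` redundant there; on the 1.3.5 userland in this thread the only feedback is the line number, so this is the cheap way to see what is on that line (including the invisible characters `cat -A new-firewall-config` would also reveal). The `eval` in `apply_one_by_one` runs whatever is in the rules file as shell, which is acceptable for a file root wrote and is about to load as firewall policy anyway, but do not point it at a file you have not read.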

@otherbbs:

> @Anndreh:
>
> > Any suggestions?
>
> Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.
>
> Travis

Hi Travis,

Thank you for this suggestion! Now it works fine!

The question remains: why can't I use iptables-restore?

But what matters is that it is working now. Thanks, guys!

Topic closed.

@Anndreh:

> The question remains: why can't I use iptables-restore?

Does the working firewall rules file created by iptables-save work with iptables-restore?

If it does, then I would guess there is something in the file we are not seeing that the restore script is choking on. You could diff the failing file against the working iptables-save file to see.

Travis

@otherbbs:

> Does the working firewall rules file created by iptables-save work with iptables-restore?
>
> If it does, then I would guess there is something in the file we are not seeing that the restore script is choking on. You could diff the failing file against the working iptables-save file to see.
>
> Travis

Hi Travis,

The interesting thing is that now iptables-restore is working normally with the saved file. I believe the problem occurred because I had put in code with a syntax error.

Thank you again; now all problems are solved!!!

Regards.

Anndreh.
