Linode Forum
https://forum.linode.com/

iptables-restore error in CentOS
https://forum.linode.com/viewtopic.php?f=19&t=6708

Author:  Anndreh [ Mon Feb 14, 2011 3:34 pm ]
Post subject:  iptables-restore error in CentOS

Hello friends,

First, sorry for my bad English :( I promise I'll improve :)

I'm new to the Linode but I can already tell I'm really enjoying the service.

I need to set up a small cPanel-based reseller (I have a license), and therefore have to use CentOS. I'm almost finished with the settings, but I came across a problem that is difficult to solve. I have already researched a lot and found nothing, so I am asking the Linux masters here for help.

After changing the iptables settings and trying to apply them, I received the following error:


Quote:
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore : unable to initializetable 'security'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information .
[FAILED]
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information .
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


So I went back to normal settings and when I run

Code:
service iptables restart


and the error appears again:


Quote:
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore: unable to initializetable 'security'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]



What's happening? How can the iptables accept my new setup?

Thanks in advance.
Regards!

Anndreh.

Author:  hoopycat [ Tue Feb 15, 2011 9:34 am ]
Post subject: 

What does the file 'new-firewall-config' contain?

Author:  Anndreh [ Tue Feb 15, 2011 3:39 pm ]
Post subject: 

hoopycat wrote:
What does the file 'new-firewall-config' contain?


Sorry hoopycat

Here new-firewall-config code:

Code:
*filter
 
#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
 
#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
 
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
 
#  Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
 
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
# Allows svnserve connections from anywhere
-A INPUT -p tcp --dport 3690 -j ACCEPT
 
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
 
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
 
COMMIT

Author:  otherbbs [ Wed Feb 16, 2011 1:23 am ]
Post subject: 

Code:
 -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

This is the second time I've seen this typo in the past month. The correct syntax should be:

-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

--
Travis

Author:  Anndreh [ Wed Feb 16, 2011 6:50 am ]
Post subject: 

otherbbs wrote:
This is the second time I've seen this typo in the past month. The correct syntax should be:

-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

--
Travis


Hi Travis,

Thanks for the help. In fact there was a syntax error in code. Already corrected.

But now when I run the iptables-restore command, a "no command specified" error is returned, see:

Code:
root@server [~]# iptables-restore new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


Never seen this error before, maybe because I have always used Debian. What may be happening?

Thanks again.

Regards,
Andre.

Author:  mnordhoff [ Wed Feb 16, 2011 6:54 am ]
Post subject: 

You left out the <: "iptables-restore <new-firewall-config".

Author:  Anndreh [ Wed Feb 16, 2011 8:02 am ]
Post subject: 

mnordhoff wrote:
You left out the <: "iptables-restore <new-firewall-config".


Hi!

Sorry, I forgot that. But...

Code:
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


The same result :(
Any suggestions?

Author:  otherbbs [ Thu Feb 17, 2011 2:36 am ]
Post subject: 

Anndreh wrote:
Any suggestions?

Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.

--
Travis

Author:  Anndreh [ Thu Feb 17, 2011 10:18 am ]
Post subject: 

otherbbs wrote:
Anndreh wrote:
Any suggestions?

Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.

--
Travis


Hi Travis,

Thank you for this suggestion! Now it works fine!

The question will remain: why can not I use iptables-restore?
But what matters is that it is working now. Thanks guys!

Topic closed.

Author:  otherbbs [ Thu Feb 17, 2011 1:26 pm ]
Post subject: 

Anndreh wrote:
The question will remain: why can not I use iptables-restore?

Does the working firewall rules file created by iptables-save work with iptables-restore?

If it does, then I would guess there is something in the file we are not seeing, the restore script is choking on. You could diff the differences between the failing file and the working iptables-save file to see.

--
Travis
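
An added example, not part of any post in this thread: a pre-load check for the "something in the file we are not seeing" case, which a plain diff can hide because such bytes are invisible. It reflects that line 2 of the posted file, as rendered on this page, holds a single space rather than being empty, and the error is reported at line 2; the thread does not confirm that this is what the parser rejected. The function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report lines in an iptables-restore
# file that look blank or clean in an editor but are not.

# scan_rules FILE: print "LINE: reason" for every suspicious line.
scan_rules() {
    LC_ALL=C awk '
        # DOS line ending: the CR stays on the line after the newline is cut.
        /\r$/        { printf "%d: carriage return at end of line\n", NR }
        # Spaces, tabs or a lone CR only: not an empty line to a parser that
        # skips a line only when it has no characters at all.
        /^[ \t\r]+$/ { printf "%d: whitespace-only line\n", NR; next }
        # Any byte outside printable ASCII, tab and CR, such as a UTF-8
        # non-breaking space picked up when copying rules from a web page.
        /[^ -~\t\r]/ { printf "%d: non-ASCII or control byte\n", NR }
    ' "$1"
}

# make_sample FILE: write a constructed rules file with one of each problem.
make_sample() {
    {
        printf '*filter\n'
        printf ' \n'                                   # line 2: one space
        printf '%s\n' '-A INPUT -i lo -j ACCEPT'
        printf '\n'                                    # line 4: truly empty
        printf '%s\r\n' '-A INPUT -p tcp --dport 22 -j ACCEPT'  # line 5: CRLF
        printf '\302\240\n'                            # line 6: UTF-8 NBSP
        printf 'COMMIT\n'
    } > "$1"
}

# Demo on the constructed sample; point scan_rules at a real rules file
# before handing that file to iptables-restore.
sample=$(mktemp)
make_sample "$sample"
scan_rules "$sample"
rm -f "$sample"
```
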

Author:  Anndreh [ Thu Feb 17, 2011 2:48 pm ]
Post subject: 

otherbbs wrote:
Does the working firewall rules file created by iptables-save work with iptables-restore?

If it does, then I would guess there is something in the file we are not seeing, the restore script is choking on. You could diff the differences between the failing file and the working iptables-save file to see.

--
Travis


Hi Travis,

The interesting thing is that now iptables-restore is working normally with the saved file. I believe the problem occurred because I had put in code with a syntax error.

Thank you again, now all problems are solved!!!

Regards.
Anndreh.

All times are UTC-04:00