Linode Forum
Linode Community Forums
PostPosted: Sun May 15, 2011 8:38 am 
Newbie

Joined: Sun May 15, 2011 8:02 am
Posts: 4
I've tried adding exceptions found on Google such as:
Code:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT    //apache
but they don't seem to work.
Code:
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules: iptables-restore: line 14 failed
                                                           [FAILED]



What gives? If I stop iptables, I can access all of my services. I literally just re-installed from an F14 instance that I set up and never had to deal with this!

Can anyone lend a hand?


PostPosted: Sun May 15, 2011 10:18 am 
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
What does "iptables -L -n -v" look like? How about the file that iptables-restore is reading from?

PostPosted: Sun May 15, 2011 11:39 am 
Senior Member

Joined: Wed Oct 20, 2010 12:11 pm
Posts: 142
Stupid question incoming - can you use // style comments? I've only seen the hash mark and the inline --comment used...


PostPosted: Sun May 15, 2011 2:29 pm 
Newbie

Joined: Sun May 15, 2011 8:02 am
Posts: 4
hoopycat wrote:
What does "iptables -L -n -v" look like? How about the file that iptables-restore is reading from?


First:
Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5842 5881K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
   33  1932 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
 1113 64847 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 4897 packets, 450K bytes)
 pkts bytes target     prot opt in     out     source               destination


I do not know anything about the file iptables-restore is reading from. But, I found this file /etc/sysconfig/system-config-firewall that may be relevant? Its contents are:


Code:
# system-config-firewall config written out by anaconda

--service=ssh


PostPosted: Sun May 15, 2011 3:22 pm 
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
Yeah, there is no allow rule for port 80 in there.

This sounds like some sort of wacky Red Hat-specific problem, but system-config-firewall might yield results too.

Where did you put the "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" line?

PostPosted: Sun May 15, 2011 3:34 pm 
Newbie

Joined: Sun May 15, 2011 8:02 am
Posts: 4
hoopycat wrote:
Yeah, there is no allow rule for port 80 in there.

This sounds like some sort of wacky Red Hat-specific problem, but system-config-firewall might yield results too.

Where did you put the "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" line?


I actually removed it after, as it was giving the error I posted in my first post. I'll re-add it and then re-print that command.


PostPosted: Sun May 15, 2011 3:51 pm 
Newbie

Joined: Sun May 15, 2011 8:02 am
Posts: 4
Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  409 32897 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    6   240 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
    2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
   75  4228 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 404 packets, 40103 bytes)
 pkts bytes target     prot opt in     out     source               destination


Contents of /etc/sysconfig/iptables

Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-A INPUT -p tcp --dport 80 -j ACCEPT


PostPosted: Sun May 15, 2011 6:06 pm 
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
Try moving the line dealing with TCP 80 UNDER the line about TCP 22 and OVER the REJECT line.

Then restart IPTABLES and see what happens.
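Both pitfalls in this thread, the "//apache" comment asked about earlier and a rule that ends up after COMMIT or below the catch-all REJECT, can be caught before the firewall is restarted. The script below is an added example, not code from the thread, from Linode or from Fedora: a small sh+awk linter for an iptables-restore file (such as /etc/sysconfig/iptables), with the rule set posted above reconstructed inline in the `rules` function so it runs offline. The function names and the three layout names (`after_commit`, `after_reject`, `fixed`) are my own; the `fixed` layout puts the port-80 rule where the last reply says it belongs, below the port-22 rule and above the REJECT, inside the table before COMMIT.

```shell
#!/bin/sh
# Added example, not code from the thread: lint an iptables-save/restore style
# file (e.g. /etc/sysconfig/iptables) for the mistakes discussed above.
# Needs only sh and awk. Helper and layout names are assumptions for the demo.

# check_iptables_file [FILE]
# Reads FILE (or stdin), prints one diagnostic per problem, returns 1 if any:
#   1. a "//" comment: iptables-restore only understands "#" comments
#   2. a rule after COMMIT: nothing after COMMIT is loaded (the "line N failed" case)
#   3. an INPUT ACCEPT rule below the chain's catch-all REJECT/DROP: unreachable
check_iptables_file() {
    awk '
        BEGIN { problems = 0; committed = 0; catchall = 0 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }        # real comments and blank lines
        /\/\// {
            printf "line %d: \"//\" is not a comment in iptables-restore; use \"#\"\n", NR
            problems++
        }
        committed && /^-A/ {
            printf "line %d: rule appears after COMMIT and is never loaded\n", NR
            problems++
            next
        }
        /^COMMIT/ { committed = 1; next }
        /^\*/ { committed = 0; catchall = 0; next }          # new table: *filter, *nat, ...
        /^-A INPUT / {
            # a bare "-A INPUT -j REJECT|DROP" has no match options, so it ends the chain
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)([[:space:]]|$)/) { catchall = NR; next }
            if (catchall && /-j ACCEPT/) {
                printf "line %d: ACCEPT rule is unreachable, it sits below the catch-all on line %d\n", NR, catchall
                problems++
            }
        }
        END { exit (problems > 0) }
    ' "${1:--}"
}

# rules LAYOUT: the thread's rule set with the port-80 rule in one of three places
# (constructed from the file posted above, not the poster's real file):
#   after_commit  as posted: appended after COMMIT, with the first post's "//apache" tag
#   after_reject  inside the filter table but below the catch-all REJECT
#   fixed         below the port-22 rule and above the REJECT, as the last reply advises
rules() {
    http='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    [ "$1" = fixed ] && printf '%s\n' "$http"
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    [ "$1" = after_reject ] && printf '%s\n' "$http"
    printf '%s\n' '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
    [ "$1" = after_commit ] && printf '%s\n' '-A INPUT -p tcp --dport 80 -j ACCEPT    //apache'
    return 0
}

# problem_count LAYOUT: how many diagnostics the linter raises for that layout
problem_count() {
    rules "$1" | check_iptables_file | wc -l | tr -d ' '
}

# Demo: the posted layout fails to load, the misplaced one loads but never
# lets port 80 through, and the fixed one is clean.
for layout in after_commit after_reject fixed; do
    echo "== $layout =="
    if rules "$layout" | check_iptables_file; then
        echo "no problems found"
    fi
done
```

The ordering warning is the one a plain syntax check cannot give: an ACCEPT placed below `-A INPUT -j REJECT` is a perfectly valid rule, so the file loads and the service stays blocked with no error at all, which is what the counters in `iptables -L -n -v` (0 packets on the port rule, everything landing on the REJECT line) would show. On a current iptables, `iptables-restore --test FILE` parses the file without applying it and catches the after-COMMIT case. The only file-level comment form is a `#` line; the `--comment` mentioned earlier is the per-rule `-m comment --comment "text"` match, not a way to annotate the file.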

