Linode Forum
Linode Community Forums
PostPosted: Sun Jan 20, 2013 2:24 am 
Newbie

Joined: Sat Jan 12, 2013 5:22 pm
Posts: 2
I have attempted to set up some basic iptables based on the linode tut here: http://library.linode.com/securing-your-server. I didn't modify anything from the suggested rules, however, when I go to activate the rules using the command:
Code:
iptables-restore < /etc/iptables.firewall.rules


Zero luck at all. It gives the error I used in this topic title:
Quote:
E: unknown error applying new iptables ruleset


For clarification (and so you don't have to go to the tut page for the code) here is what I entered into my iptables.firewall.rules :

Code:
*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#
#  The --dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT


When it didn't work, I logged in as root to try and activate it, but had no luck. It was calling the error on line 33...which is the 'COMMIT' command. I obviously cannot remove that, so I'm a bit stumped.

I even went so far as to scp in and copy and paste the rules from the tut into the file directly and got the same error as when I created the file in ssh. Finally, I deleted the file and tried to start from scratch (which I did twice) and still cannot seem to activate the new iptables file. I get the error every time.

Any thoughts would be extremely helpful. Thank you in advance.


PostPosted: Sun Jan 20, 2013 2:38 am 
Senior Member

Joined: Mon Aug 29, 2011 2:34 am
Posts: 77
My suggestion would be to apply each of these rules manually using iptables as root or with sudo, and then use iptables-save to save the resulting ruleset in your iptables.firewall.rules. For example:

Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j REJECT

# and so on for each of your rules

iptables-save > /etc/iptables.firewall.rules


You'll want to verify that you have no existing rules (with iptables -L -nv) prior to doing this, or stuff may get wacky. iptables-save will always generate a file that can be read back in with iptables-restore, so you don't have to worry about getting this issue again.

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.
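iptables-restore only applies a table's rules when it reaches COMMIT, so a failing rule anywhere in the table typically gets reported against the COMMIT line, which is why "line 33" points at COMMIT rather than at the real culprit; the thread never identifies which rule or file problem was at fault. The checker below is an added example, not code from the thread or from Linode's guide: it reads a ruleset file and flags structural problems (DOS line endings, a missing *table header, a rule for an undeclared chain, a missing COMMIT) using the same line numbering iptables-restore reports. The sample ruleset is constructed.

```python
import re

# Built-in chains of the filter table; anything else must be declared with :NAME or -N.
BUILTIN_FILTER_CHAINS = {"INPUT", "OUTPUT", "FORWARD"}

def lint_iptables_rules(text):
    """Return (line_number, message) findings for an iptables-restore ruleset.

    Line numbers are 1-based like iptables-restore's own 'line N failed' report;
    file-wide findings use line 0."""
    findings = []
    if "\r" in text:
        findings.append((0, "CR characters present (DOS line endings); convert with dos2unix"))
    if not text.endswith("\n"):
        findings.append((0, "file does not end with a newline"))
    table, committed, chains = None, False, set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line != line.rstrip():
            findings.append((lineno, "trailing whitespace"))
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or comment
        if stripped.startswith("*"):      # start of a table, e.g. *filter
            table, committed, chains = stripped[1:], False, set()
        elif stripped == "COMMIT":        # rules are only applied here
            if table is None:
                findings.append((lineno, "COMMIT without a preceding *table line"))
            committed = True
        elif table is None:
            findings.append((lineno, "rule appears before any *table line"))
        elif stripped.startswith(":"):    # chain declaration, e.g. :INPUT ACCEPT [0:0]
            chains.add(stripped[1:].split()[0])
        else:
            m = re.match(r"-([A-Za-z])\s+(\S+)", stripped)
            if not m:
                findings.append((lineno, "unrecognised line"))
                continue
            flag, chain = m.groups()
            if flag == "N":               # -N declares a user chain
                chains.add(chain)
            elif flag in "AI" and table == "filter" and chain not in BUILTIN_FILTER_CHAINS | chains:
                findings.append((lineno, f"chain {chain} is not a filter built-in and was never declared"))
    if table is not None and not committed:
        findings.append((0, f"table {table} has no COMMIT"))
    return findings

# Constructed sample: a shortened copy of the poster's file as an editor might save it with CRLF.
SAMPLE_CRLF = "*filter\r\n-A INPUT -i lo -j ACCEPT\r\n-A INPUT -j DROP\r\nCOMMIT\r\n"

if __name__ == "__main__":
    for lineno, msg in lint_iptables_rules(SAMPLE_CRLF):
        print(f"line {lineno}: {msg}")
```

Run it against /etc/iptables.firewall.rules before calling iptables-restore; an empty result means the file is at least structurally sound, and any remaining failure is down to an individual rule (for example a match module the kernel does not provide).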


PostPosted: Sun Jan 20, 2013 3:38 am 
Newbie

Joined: Sat Jan 12, 2013 5:22 pm
Posts: 2
Worked like a charm. Thanks for the help, I appreciate it.

P.S. Is there a way to mark a thread as 'solved'? If so, please let me know how to do so, I couldn't see a way to do so on my own. Thanks again.


dwfreed wrote:
My suggestion would be to apply each of these rules manually using iptables as root or with sudo, and then use iptables-save to save the resulting ruleset in your iptables.firewall.rules. For example:

Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j REJECT

# and so on for each of your rules

iptables-save > /etc/iptables.firewall.rules


You'll want to verify that you have no existing rules (with iptables -L -nv) prior to doing this, or stuff may get wacky. iptables-save will always generate a file that can be read back in with iptables-restore, so you don't have to worry about getting this issue again.

