IPTables won't Accept my Rules File

July 29, 2015 585 views
Firewall LEMP Ubuntu

I have created an IPTables rules file for my webserver droplet; however, when I go and try to restore the file to IPTables, it tells me that it fails on line 1.

This is the rules file that I am using. I have used similar ones in the past that haven't given me any trouble. I am assuming that line 1 is the *filter line.

*filter

#  (Lines marked "restored" were lost in the page copy; they are taken from the comment
#  that describes them. The *filter header above and the COMMIT at the end are required
#  by iptables-restore, and the question says *filter was line 1 of the file.)

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP

#  Accept all established inbound connections (restored)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic (restored)
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#  Limit connections (new TCP connections per source address; excess get a TCP reset)
-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset

#  Log iptables denied calls (rate-limited so a flood cannot fill the log)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy (restored)
-A INPUT -j DROP

COMMIT


O/S: Ubuntu 14.04 x64
Kernel: 3.13.0-59-generic
Ram: 512MB

1 Answer

I'm not able to reproduce this issue. I can successfully apply these rules using the iptables-restore command. One common mistake is leaving extra whitespace at the beginning of a line. That would be the first thing I'd check. One thing you could do to ensure that you create this file with the correct syntax is to manually apply the rules and then generate the file using iptables-save > /path/to/file. You can then save that file and apply it on other servers you spin up as well.

For more information on building out a firewall using IPTables, check out this tutorial:

Tutorial by Justin Ellingwood: The iptables firewall is a great way to secure your Linux server. In this guide, we'll discuss how to configure iptables rules on an Ubuntu 14.04 server.
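A pre-flight check in the spirit of the answer above (an added example, not code from the post or from DigitalOcean): it reports the formatting faults that make iptables-restore abort with a line number, starting with the leading whitespace the answer names, plus a rule before any *table header, a missing COMMIT, and lines that are not a comment, table header, chain policy, rule or COMMIT. The two sample rule files inside it are constructed; the real confirmation on current iptables is still `iptables-restore --test` on the file.

```python
import re
import sys

TABLES = {"filter", "nat", "mangle", "raw", "security"}
RULE_RE = re.compile(r"^-[AIDR]\s+\S+")                              # -A INPUT ..., -I INPUT 3 ...
POLICY_RE = re.compile(r"^:\S+\s+(ACCEPT|DROP|-)\s+\[\d+:\d+\]$")    # :INPUT ACCEPT [0:0]

def lint_rules(text):
    """Return [(line_number, message), ...] for a rules file; [] means it looks OK."""
    problems = []
    table = None      # name of the *table block we are inside, if any
    lineno = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if line != line.lstrip():
            # iptables-restore does not strip leading blanks: " *filter" is no longer
            # recognised as a table header and the restore fails on that line.
            problems.append((lineno, "leading whitespace"))
            line = line.lstrip()
        if not line or line.startswith("#"):
            continue                                   # blank lines and comments are fine
        if line.startswith("*"):
            name = line[1:]
            if table is not None:
                problems.append((lineno, "table %r opened before COMMIT of %r" % (name, table)))
            if name not in TABLES:
                problems.append((lineno, "unknown table %r" % name))
            table = name
        elif line == "COMMIT":
            if table is None:
                problems.append((lineno, "COMMIT without a *table header"))
            table = None
        elif table is None:
            problems.append((lineno, "rule or policy before any *table header"))
        elif not (RULE_RE.match(line) or POLICY_RE.match(line)):
            problems.append((lineno, "not a comment, *table, :CHAIN policy, rule or COMMIT"))
    if table is not None:
        problems.append((lineno, "table %r never closed with COMMIT" % table))
    return problems

# Constructed sample inputs: a minimal valid file, and one with the two faults
# most often behind "line 1 failed" (indented *filter header, no COMMIT).
GOOD = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -i lo -j ACCEPT\n-A INPUT -j DROP\nCOMMIT\n"
BAD = " *filter\n-A INPUT -i lo -j ACCEPT\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD
    for lineno, msg in lint_rules(text) or [(0, "no problems found")]:
        print("line %d: %s" % (lineno, msg))
```

Run it as `python lint_rules.py /etc/iptables.firewall.rules` (hypothetical path) before handing the file to iptables-restore; with no argument it lints the constructed BAD sample.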