Question

IPTables won't Accept my Rules File

I have created an IPTables rule file for my webserver droplet, however when I go an try to restore the file to IPTables, it tells me that it fails on line 1.

This is the rule file that I am using. I have use similar ones in the past that haven’t given me any troubles. I am assuming that Line 1 is the *filter line.

*filter
#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#  Limit connections 
-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

O/S: Ubuntu 14.04 x64 Kernel: 3.13.0-59-generic Ram: 512MB


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I’m not able to reproduce this issue. I can successfully apply these rules using the iptables-restore command. One common mistake is leaving extra whitespace at the beginning of a line. That would be the first thing I’d check. One thing you could do to ensure that you create this file with the correct syntax is to manually apply the rules and then generate the file using iptables-save > /path/to/file You can then save that file and apply it on other servers you spin up as well.

For more information on building out a firewall using IPTables, check out this tutorial: