Related

Problem installing wordpress on subdomain (nginx / ubuntu) Question Question
GUI for MongoDB needed to mange Meteor app Question Question

Question

IPTables won't Accept my Rules File

Posted July 29, 2015 2.5k views
UbuntuFirewallLEMP

I have created an IPTables rule file for my webserver droplet, however when I go an try to restore the file to IPTables, it tells me that it fails on line 1.

This is the rule file that I am using. I have use similar ones in the past that haven’t given me any troubles. I am assuming that Line 1 is the *filter line.

*filter
#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#  Limit connections 
-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 30 -j REJECT --reject-with tcp-reset

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

O/S: Ubuntu 14.04 x64
Kernel: 3.13.0-59-generic
Ram: 512MB

Add a comment
itsonlybarney
By:
itsonlybarney
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
asb June 17, 2016

I’m not able to reproduce this issue. I can successfully apply these rules using the iptables-restore command. One common mistake is leaving extra whitespace at the beginning of a line. That would be the first thing I’d check. One thing you could do to ensure that you create this file with the correct syntax is to manually apply the rules and then generate the file using iptables-save > /path/to/file You can then save that file and apply it on other servers you spin up as well.

For more information on building out a firewall using IPTables, check out this tutorial:

How To Set Up a Firewall Using Iptables on Ubuntu 14.04
by Justin Ellingwood
The iptables firewall is a great way to secure your Linux server. In this guide, we'll discuss how to configure iptables rules on an Ubuntu 14.04 server.
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help