Question

16

iptables-restore failing to load my rules

rated 0 times [ 16] [ 0] / answers: 1 / hits: 46501 / 3 Years ago, thu, june 24, 2021, 4:54:18

I've been searching around for some time now, but nothing solves my problem.
I'm setting up a mail server, but when writing to the iptables, I get an error:

iptables-restore: line 2 failed.

I'm trying to use the following /etc/iptables.test.rules:

# Allows SMTP access

-A INPUT -p tcp --dport 25 -j ACCEPT



# Allows pop and pops connections 

-A INPUT -p tcp --dport 110 -j ACCEPT

-A INPUT -p tcp --dport 995 -j ACCEPT



# Allows imap and imaps connections 

-A INPUT -p tcp --dport 143 -j ACCEPT

-A INPUT -p tcp --dport 993 -j ACCEPT

After this, I'm issuing the following command:

sudo iptables-restore < /etc/iptables.test.rules

However I get returned this:

iptables-restore: line 2 failed.

I don't know what the problem is. Can anyone clarify?

I'm using Ubuntu 10.10 LTS

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

cupwire

Add To Favorites

Follow

Total Points: 365

Total Questions: 126

Total Answers: 125

Location: Malaysia

Member since Thu, Feb 16, 2023

1 Year ago

cupwire questions

1 WPA2 wifi refuses to connect after upgrade to 22.04

Wed, Feb 1, 23, 14:35, 1 Year ago

1 Opening a spreadsheet at startup on LibreOffice in Ubuntu studio 21.04

Fri, Oct 22, 21, 09:14, 3 Years ago

1 What's the difference between dash and dock?

Fri, Jan 20, 23, 07:19, 1 Year ago

1 Network Configuration Gone - Unable to Reset or Apply Netplan

Mon, Sep 13, 21, 20:42, 3 Years ago

1 How to recursively list only hidden files from a terminal

Fri, Jul 8, 22, 16:11, 2 Years ago

View All

answered 3 Years ago oredoise · Accepted Answer

It's because that file is not in the expected format. You should add your rules manually the first time, then use iptables-save to get a file in the expected format.

However it's quite simple to "mimic" the format that iptables-restore expects.

Add a line with just *filter at the top of the file.

Add a line with just COMMIT at the bottom.

So you end up looking like this:

*filter    



# Allows SMTP access

-A INPUT -p tcp --dport 25 -j ACCEPT



# Allows pop and pops connections 

-A INPUT -p tcp --dport 110 -j ACCEPT

-A INPUT -p tcp --dport 995 -j ACCEPT



# Allows imap and imaps connections 

-A INPUT -p tcp --dport 143 -j ACCEPT

-A INPUT -p tcp --dport 993 -j ACCEPT



COMMIT

There's a few other snippets it should have too but that should make it work. After doing this, you can use iptables-save >filename to get the fully correctly formatted save file into filename.

Note that if you do use iptables-save your comments in the file will be lost (it will replace the entire file with its own similar formatted one).