iptables-restore failed at COMMIT line, no detailed description

I'm trying to set up iptables (using iptables-restore) for a new server and was looking at the security docs from Linode, so basically used their templates for IPv4 and IPv6. These are both failing at the COMMIT message, but I guess the error is somewhere else.



alessio@scw-272444:~$ sudo iptables-restore < /tmp/v4
iptables-restore: line 37 failed


IPv4:



*filter

# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT

# Allow ping and traceroute.
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT

# Allow SSH connections.
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Accept inbound traffic from established connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log what was incoming but denied (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7

# Reject all other inbound.
-A INPUT -j REJECT

# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7

# Reject all traffic forwarding.
-A FORWARD -j REJECT

COMMIT


IPv6:



*filter

# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s ::1/128 -j REJECT

# Allow ICMP
-A INPUT -p icmpv6 -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Accept inbound traffic from established connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log what was incoming but denied (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7

# Reject all other inbound.
-A INPUT -j REJECT

# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7

# Reject all traffic forwarding.
-A FORWARD -j REJECT

COMMIT

linux iptables

asked Oct 29 '15 at 13:12 by alessioalex

  • You should first post the error message you get, then search your /var/log directory for iptables-related error messages. In doubt, sift through cd /var/log; grep -nrI iptables. Then post here what you find.

    – MariusMatutiae
    Oct 29 '15 at 13:22

  • @MariusMatutiae unfortunately iptables-restore: line 37 failed is all I get. I've searched the logs and there's nothing related to an error unfortunately.

    – alessioalex
    Oct 29 '15 at 13:58

  • Right at the end of the file makes me think it's expecting a trailing newline character or something like that. If that's not it, and if that's all it's giving you, the only other option would be to run each of the rules individually and see which one fails.

    – Radhil
    Nov 1 '15 at 21:38

1 Answer

The COMMIT line failed, maybe because there are some mistakes before this line. Please check each single line in your configuration (paste it as arguments to iptables).

Or you can convert your iptables configuration into a bash script and run bash -x to see the misconfiguration:




#!/bin/bash
#
# this file is: iptables_v4.sh

# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT

# Allow ping and traceroute.
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT

# Allow SSH connections.
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Accept inbound traffic from established connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log what was incoming but denied (optional but useful).
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7

# Reject all other inbound.
iptables -A INPUT -j REJECT

# Log any traffic which was sent to you
# for forwarding (optional but useful).
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7

# Reject all traffic forwarding.
iptables -A FORWARD -j REJECT


To debug:

root$ bash -x iptables_v4.sh

answered Nov 4 '16 at 3:11 by tuantm

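The procedure the answer describes, replaying the restore file one rule at a time so that the failing rule is reported under its own line number, as an added example that is not part of the original answer. The reason the error lands on the COMMIT line is that iptables-restore parses the whole file first and only hands the table to the kernel at COMMIT, so a rule the kernel refuses (for instance a target or match whose module is not available) is reported as "line 37 failed" even though every rule's text was accepted. The script below reads a file in iptables-restore format on stdin, turns each chain-policy and rule line into an `iptables -t <table> ...` command, and stops at the first one that fails. The file name `find_failing_rule.sh`, the `reject_stub` function (a stand-in for a kernel without the LOG target) and the `SAMPLE_RULES` text are constructed for the demonstration and are not the poster's file or output.

```shell
#!/bin/sh
# find_failing_rule.sh (name chosen for this example)
#
# iptables-restore parses the whole file first and hands the table to the
# kernel only when it reaches COMMIT, so a rule the kernel refuses (for
# example a target or match whose module is not loaded or not built) is
# reported as "line N failed" with N being the COMMIT line, not the line of
# the rule itself. Replaying the file rule by rule with iptables(8) makes the
# offending rule fail on its own, with its own line number and error text.

# Read a file in iptables-restore format on stdin and print one command per
# replayable line as "<source line><TAB><command>". $1 is the iptables binary
# (or a shell function standing in for it, as in the demonstration below).
restore_to_commands() {
    bin=${1:-iptables}
    table=filter
    n=0
    # "|| [ -n "$line" ]" keeps the last line even if the file has no
    # trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '*'*)                       # "*filter": start of a table
                table=${line#\*} ;;
            ':'*)                       # ":INPUT DROP [0:0]": policy, or "-" for a user chain
                rest=${line#:}
                chain=${rest%% *}
                rest=${rest#* }
                policy=${rest%% *}
                if [ "$policy" = "-" ]; then
                    printf '%s\t%s -t %s -N %s\n' "$n" "$bin" "$table" "$chain"
                else
                    printf '%s\t%s -t %s -P %s %s\n' "$n" "$bin" "$table" "$chain" "$policy"
                fi ;;
            COMMIT|''|'#'*) ;;          # nothing to replay
            *)                          # "-A INPUT ...": an ordinary rule
                printf '%s\t%s -t %s %s\n' "$n" "$bin" "$table" "$line" ;;
        esac
    done
}

# Run the commands in file order and stop at the first one that fails,
# printing its source line number and the command. Returns 0 when every rule
# applied. The rule text goes through eval (that is how quoted arguments such
# as --log-prefix "..." get split), so only feed it files you wrote yourself.
replay_rules() {
    tmp=$(mktemp) || return 1
    restore_to_commands "$1" > "$tmp"
    status=0
    while IFS="$(printf '\t')" read -r n cmd; do
        if ! eval "$cmd"; then
            printf 'line %s failed: %s\n' "$n" "$cmd"
            status=1
            break
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$status"
}

# Stand-in for iptables on a kernel without the LOG target, constructed for
# the demonstration: it accepts every rule except one that jumps to LOG, and
# fails with the message the real binary prints in that situation.
reject_stub() {
    case " $* " in
        *" -j LOG "*)
            echo "iptables: No chain/target/match by that name." >&2
            return 1 ;;
    esac
    return 0
}

# Constructed sample in iptables-restore format (not the poster's file).
# Line 8 is the LOG rule the stub refuses; line 10 is COMMIT.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "denied: "
-A INPUT -j REJECT
COMMIT'

# With a file argument, replay it against the real iptables (as root, from a
# console session); with none, run the demonstration, which reports
# "line 8 failed: ..." where iptables-restore would say "line 10 failed".
if [ $# -ge 1 ]; then
    replay_rules iptables < "$1" && echo "all rules applied"
else
    printf '%s\n' "$SAMPLE_RULES" | replay_rules reject_stub && echo "all sample rules applied"
fi
```

Run it as root from the console rather than over SSH: unlike iptables-restore, which swaps the whole table in atomically at COMMIT, this appends rules to the live chains one by one, so whatever loaded before the failure stays in place when it stops; flush with `iptables -F` before and after. If the replay stops on a rule with `iptables: No chain/target/match by that name.`, the problem is on the kernel side (a module that is missing or an extension the kernel was built without), not in the file. `iptables-restore --test < /tmp/v4` is the cheaper first check for syntax errors, but because it never touches the kernel it cannot catch that class of failure.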




























