How to implement iptables on lxc-container?
I installed lxc-container (Fedora 29 amd64) on my Ubuntu 18.04 system. The Linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.

However, I tried to configure the interfaces to drop all incoming and outgoing packets, which did not work. I am giving you all the details here.

The command `ip a` gave;

    [root@fedora29 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
           valid_lft 3456sec preferred_lft 3456sec
        inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
           valid_lft forever preferred_lft forever

I have iptables rules as follows;

    [root@fedora29 ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

Therefore I added the following two rules:

    iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
    iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP

When I finally saved the configuration with `iptables-save`

    [root@fedora29 ~]# iptables-save
    # Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i eth0@if8 -j DROP
    -A OUTPUT -o eth0@if8 -j DROP
    COMMIT
    # Completed on Wed Feb 20 08:41:43 2019

However the same worked fine with my Ubuntu host system, where the interface is named lxcbr0.

linux fedora iptables firewall lxc
edited Feb 20 at 12:26 by Rui F Ribeiro
asked Feb 20 at 9:47 by shiva
Have you reloaded the iptables service after saving? `systemctl iptables reload`
– RobotJohnny Feb 20 at 13:12

@RobotJohnny It's giving: `Failed to reload iptables.service: Unit iptables.service not found.`
– shiva Feb 21 at 7:29
2 Answers
Just remove `@if8` from the interface name in your rules, because it's not part of the interface name. The interface name is just `eth0`.

`@if8` is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.

For more information on the meaning of `@if8` you can see my answer there:
What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu
answered Feb 20 at 16:14 by A.B
This solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when I tried to implement `systemctl reload iptables`, it gave me an error that `Failed to reload iptables.service: Unit iptables.service not found.`
– shiva Feb 21 at 7:27
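
The point of the answer above, as an added example that is not part of the original thread: iptables stores whatever interface name it is given, so a rule written against `eth0@if8` loads without error and simply matches nothing. This POSIX sh check compares the `-i`/`-o` names in an `iptables-save` dump with the real interface names; the function names and the embedded sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find iptables rules whose -i/-o interface is not a real
# interface name (e.g. "eth0@if8"), and show the ruleset after the fix.

# Constructed sample in `ip -o link show` layout, based on the `ip a` output
# in the question. On a live system, pipe `ip -o link show` in instead.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# iptables-save layout. The two eth0@if8 rules are the ones from the question;
# the "lo" and "eth+" rules are constructed to exercise the checker.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth+ -j DROP
COMMIT'

# Print real interface names: field 2 is "name:" or "name@peer:".
iface_names() {
    awk '{ n = $2; sub(/:$/, "", n); sub(/@.*$/, "", n); print n }'
}

# $1 = interface names (whitespace separated); stdin = iptables-save text.
# Prints "<iface>: <rule>" for every rule naming an interface that does not
# exist and returns 1 if any were found, 0 otherwise.
bad_iface_rules() {
    REAL_IFACES="$1" awk '
        BEGIN {
            n = split(ENVIRON["REAL_IFACES"], a, /[ \t\n]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") real[a[i]] = 1
        }
        function known(ifn,   p, k) {
            if (ifn in real) return 1
            if (ifn ~ /\+$/) {          # iptables wildcard: "eth+" = eth*
                p = substr(ifn, 1, length(ifn) - 1)
                if (p == "") return 1   # bare "+" matches every interface
                for (k in real) if (index(k, p) == 1) return 1
            }
            return 0
        }
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && !known($(i + 1))) {
                    print $(i + 1) ": " $0
                    bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

# Rewrite a ruleset so that -i/-o names lose any "@peer" suffix.
strip_peer_suffix() {
    awk '/^-A / {
             for (i = 1; i < NF; i++)
                 if ($i == "-i" || $i == "-o") sub(/@.*$/, "", $(i + 1))
         }
         { print }'
}

demo() {
    names=$(printf '%s\n' "$SAMPLE_LINKS" | iface_names)
    echo "real interfaces: $(echo $names)"
    echo "rules naming an interface that does not exist:"
    printf '%s\n' "$SAMPLE_RULES" | bad_iface_rules "$names" || true
    echo "after stripping the @peer suffix:"
    printf '%s\n' "$SAMPLE_RULES" | strip_peer_suffix |
        bad_iface_rules "$names" && echo "  none"
}
demo
```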
Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....

    [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
    [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
    [root@fedora29 ~]# iptables-save > /etc/network/iptables
    [root@fedora29 ~]# iptables-apply /etc/network/iptables
    Applying new ruleset... done.
    Can you establish NEW connections to the machine? (y/N) y
    ... then my job is done. See you next time.

However when I tried to list the rules using `iptables -L` I did observe that no new rules were created but the policy of the rules are modified as shown...

    [root@fedora29 ~]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy DROP)
    target prot opt source destination
    [root@fedora29 ~]# ping 10.0.3.1
    PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    --- 10.0.3.1 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 23ms
    [root@fedora29 ~]# iptables -S
    -P INPUT DROP
    -P FORWARD ACCEPT
    -P OUTPUT DROP
answered Feb 21 at 7:41 by shiva