Home / server / Questions / 746396
Accepted
AminM
Asked: 2016-01-03 13:00:19 +0800 CST

error iptables-restore: unable to initialize table filter

  • 772

i have Debian 6.0.5 x86_64 on VPS and create file named 'iptables.rules' with following command:

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A INPUT -i ipsec+ -p udp -m udp --dport l2tp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443,554,1935,7070,8000,8001,6971:6999 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p udp -m multiport --dports 80,443,554,1935,7070,8000,8001,6971:6999 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -d 8.8.8.8 -p tcp --dport 53 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -d 8.8.8.8 -p udp --dport 53 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -d 8.8.4.4 -p tcp --dport 53 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -d 8.8.4.4 -p udp --dport 53 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.0.0.0/8 -j DROP 
-A OUTPUT -p tcp -m multiport --dports 53,80,443,554,1935,7070,8000,8001,6971:6999 -j ACCEPT
-A OUTPUT -p udp -m multiport --dports 53,80,443,554,1935,7070,8000,8001,6971:6999 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 587 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 995 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2222 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
-A OUTPUT -p udp --sport 500 -j ACCEPT
-A OUTPUT -p udp --sport 4500 -j ACCEPT
-A OUTPUT -o ipsec+ -p udp -m udp --dport l2tp -j ACCEPT
-A OUTPUT -j DROP
COMMIT

*nat
-A PREROUTING -i eth+ -p tcp --dport 443 -j DNAT --to-destination :8080
-A POSTROUTING -s 10.0.0.0/8 -o eth+ -j MASQUERADE
COMMIT

but when i run iptables-restore < /etc/iptables.rules command ,putty show me error : 

 iptables-restore: unable to initialize table 'filter

how can i solve this error?

debian

3 Answers

  1. The only time I've seen this error is when I forgot to run iptables-restore as root. Ensure that you are running the command with suitable privilege.

    • 5
  2. Best Answer

    Don't you need the default policy for each chain set? Try inserting:

        *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    <the rest of your rules>

    Or you can come at it from another angle... start with a clean slate - no iptables.rules file , no rules set, then one by one add the new rules to your running system and save the current config as you go.

    • 2

  3. I had the same problem and tried the checked answer (from Jim Potter) but it didn't work for me. After trying his backup plan (build it from scratch and export it with iptables-save), I figured out that I had a second problem: I had \r\n line endings and it requires \n line endings. Once I had fixed this AND had the default policy lines beginning on line 2 everything worked fine.

    • 0