IPtable entries not saving?

Undareth

Occasional Visitor
To expand on the title, I keep making rules; however, when I go to check them they aren't there.

Are they being overwritten by AMTM scripts? I can list what I have installed if this is a possibility.
 
How are you making and applying these rules? How are you checking them? Show us the rules you're trying to use.
 
A rule I’m trying to implement:
iptables -A INPUT -i br0 -m iprange --src-range 177.115.15.8-177.115.15.255 -j DROP

I’ve tried checking it using a list of commands I found online:

iptables -S
iptables -L
iptables -L -v -n
iptables -L -v -n | more

I understand that rules don’t persist on reboot; however, these rules I applied and checked in one shell session.
 
Hi, my apologies Colin, I seem to have found the rule. Perhaps I didn’t check properly. Is there any way I can close the question?

Sorry for wasting time* and thanks for the quick response
 
Hi, my apologies Colin, I seem to have found the rule. Perhaps I didn’t check properly. Is there any way I can close the question?
You could click on the "Report" option on your first post and ask the admin to delete the thread.

Sorry for wasting time* and thanks for the quick response
That rule will have no effect because it is appended to the end of the INPUT chain after the existing DROP rule. Also it makes no sense because you're specifying traffic from the LAN interface (br0) but 177.115.15.0/24 is a public address range.
 
Hi, sorry Colin, I don’t seem to follow in regards to the rule: does the rule have to be stated before the chain is defined?

Is it due to the interface argument? Would this be correct:
iptables -A INPUT -s 192.168.0.0/24 -j DROP

Regarding the IP range, I was testing to see if I could block a range of devices on my LAN. Wouldn’t iptables block that range for that specific interface, or is there a specific way to refer to local addresses?
 
Hi, sorry Colin, I don’t seem to follow in regards to the rule: does the rule have to be stated before the chain is defined?
You need to look at the existing rules. Matching rules earlier in the chain take precedence over later rules. The last rule in the INPUT chain is normally a "drop everything" rule. Therefore anything after that will never be processed. This is why most custom firewall rules are inserted rather than appended.


Is it due to the interface argument? Would this be correct:

Regarding the IP range, I was testing to see if I could block a range of devices on my LAN. Wouldn’t iptables block that range for that specific interface, or is there a specific way to refer to local addresses?
That makes more sense if your LAN address range is 192.168.0.0/24 (and you insert it at the beginning of the chain). However, you don't want that exact rule because it would block all LAN devices from accessing the router.
 
The “-i” option is for interface, not insert.

But -I is for insert... it places the rule at the top of the chain, whereas -A appends the rule to the end of the chain.

Re
iptables -I INPUT -s 192.168.0.0/24 -j DROP
 
Okay Colin, appreciate you going out of your way to instruct me on this and drop some insight. I admit I jumped the shark a bit with iptables, and as such didn’t have a good understanding of how it works.
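
The ordering point made in the replies above (a rule appended after the chain's final "drop everything" rule is never processed) can be checked mechanically. The following is an added example, not part of the thread and not any poster's code: a shell function that reads `iptables -S` output and lists rules sitting after an unconditional DROP/REJECT/ACCEPT in the same chain. The function name `shadowed_rules` is hypothetical and both rule listings are constructed samples, not taken from a real router.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -S` output on stdin and
# prints every rule in CHAIN that sits after an unconditional terminating rule,
# i.e. a rule that can never be reached.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            if (catchall) { printf "%d: %s\n", pos, $0; next }
            # Assumption: in -S output match options precede -j, so "-j" as
            # the third field means the rule matches every packet.
            if ($3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT)$/) catchall = pos
        }'
}

# Constructed listing: INPUT chain after the rule from the thread was added with -A.
after_append() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A INPUT -i br0 -m iprange --src-range 177.115.15.8-177.115.15.255 -j DROP
EOF
}

# Constructed listing: the same rule added with -I lands at position 1.
after_insert() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i br0 -m iprange --src-range 177.115.15.8-177.115.15.255 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
EOF
}

echo "appended with -A:"; after_append | shadowed_rules INPUT
echo "inserted with -I:"; after_insert | shadowed_rules INPUT
# On the router itself: iptables -S INPUT | shadowed_rules INPUT
```

An empty result means no rule in the chain is hidden behind a catch-all; it does not say whether the interface and source address in a rule make sense together.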
 
