10

I want to open port 443 on my Debian 8 server, but I get a permission denied error.

My rules.v4 file looks like:

# Generated by iptables-save v1.4.21 on Wed Feb 15 14:42:03 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [208710:151335680]
-A INPUT -p icmp -m comment --comment "000 accept all icmp" -j ACCEPT
-A INPUT -i lo -m comment --comment "001 accept all to lo interface" -j ACCEPT
-A INPUT -m comment --comment "002 accept related established rules" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "099 allow ssh access" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m comment --comment "100 allow http and https access" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 1122 -m comment --comment "150 allow phpmyadmin access" -j ACCEPT
-A INPUT -m comment --comment "999 drop all" -j DROP
COMMIT
# Completed on Wed Feb 15 14:42:03 2017

After making the changes in /etc/iptables/rules.v4 I tried to save with

sudo iptables-save > /etc/iptables/rules.v4

I get the error message -bash: /etc/iptables/rules.v4: Permission denied

I tried with sudo bash -C "iptables-save > /etc/iptables/rules.v4" and I get "no such file or directory" even though the file exists.

I also tried with tee

sudo tee iptables-save > /etc/iptables/rules.v4

and

sudo sh -c "iptables-save > /etc/iptables/rules.v4"

When I do netstat -tulnp | grep 443 I get no output.

3 Answers

14

There are 2 permissions involved in this operation:

  1. permission to read iptables-save
  2. permission to write to /etc/iptables/rules.v4

You cannot use sudo on the second permission needed.

The last command you posted should work, just change -C to -c, otherwise drop to root shell with

sudo su -
Bruno9779
  • 1,384
4

You're using tee incorrectly. The iptables-save command creates the contents of what should be saved and sends it to stdout. The tee command needs to read the stdout of iptables-save and write it to the designated file.

The correct way to save the routes without needing to use root shell is to have iptables-save pipe the content to tee which will then save the stdout to file.

sudo iptables-save | sudo tee /etc/iptables/rules.v4

  • @berndbausch - You must be mixing up OP's question with something else. Their title specifically says "saving iptable rules". Then they go on to say "I also tried with tee". You should re-read the question and consider removing your comment. – Michael Khalili Feb 25 '21 at 16:13
  • 1
    Indeed, tee appears in the question, and I managed to overlook it. Upon re-reading the whole question, it is at least ambiguous to me. The last remark "when i do netstat -tulnp | grep 443 i get no output." indicates that OP wanted to put in place new rules, which requires iptables-restore, but the rest of the question seems to be a tangle of confusion. Nothing we can do with a four-year-old question. Your feedback has validity, and I will indeed remove my comment. Sorry. – berndbausch Feb 25 '21 at 23:09
  • @berndbausch - No problem. I've misread posts before and even continued to misread them after someone pointed out my error. I reread this one 5 times to make sure I wasn't doing that again. Have a great day :) – Michael Khalili Feb 26 '21 at 12:32
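The point made in the first two answers, that the redirection in sudo iptables-save > file is performed by the caller's unprivileged shell while only iptables-save runs as root, can be turned into a small helper. The script below is an added example and is not code from any of the answers; it assumes a SUDO variable (empty for non-root testing) and a RULES_CMD argument that defaults to iptables-save, and it writes through tee into a temporary file so that a failed or truncated dump never replaces the live rules file.

```bash
#!/bin/sh
# Added example, not from the original answers. Save the output of a
# privileged command into a root-owned file without asking the caller's
# shell to open that file: the producer and the writer (tee) both run
# under sudo and the pipe carries the data between them.
#
# Assumptions: SUDO may be set to "" so the function can be exercised
# without root; the second argument is the command that produces the
# ruleset and defaults to iptables-save.

: "${SUDO=sudo}"

save_rules() {
    dest="$1"
    cmd="${2:-iptables-save}"
    tmp="${dest}.tmp.$$"

    # Write to a temp file first. Only the processes started by $SUDO
    # touch $tmp; this shell never opens a file under /etc/iptables.
    if ! $SUDO sh -c "$cmd" | $SUDO tee "$tmp" > /dev/null; then
        $SUDO rm -f "$tmp"
        return 1
    fi

    # A pipe only reports tee's status, so check the content itself:
    # every complete iptables-save table ends with a COMMIT line.
    # Refuse to install an empty or truncated dump.
    if ! $SUDO grep -q '^COMMIT$' "$tmp"; then
        $SUDO rm -f "$tmp"
        return 1
    fi

    # Atomically replace the live file only once the dump is complete.
    $SUDO mv "$tmp" "$dest"
}
```

Calling save_rules /etc/iptables/rules.v4 with SUDO left at its default reproduces the working sudo iptables-save | sudo tee pattern from the answer above, with the truncation check added.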
0

I've had the same problem, which I solved:

  1. Change the group on rules.v4 to the user's group

    sudo chgrp "usergroup" /etc/iptables/rules.v*

  2. Enable write permission for the group

    sudo chmod 664 /etc/iptables/rules.v*

  3. Try again

    sudo iptables-save > /etc/iptables/rules.v4


This worked for me, I hope it helps.

Paulo Tomé
  • 3,782