iptables-restore failing to load my rules

I've been searching around for some time now, but nothing solves my problem. I'm setting up a mail server, but when writing to the iptables, I get an error:

iptables-restore: line 2 failed.

I'm trying to use the following /etc/iptables.test.rules:

# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections 
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections 
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

After this, I'm issuing the following command:

sudo iptables-restore < /etc/iptables.test.rules

However, I get this returned:

iptables-restore: line 2 failed.

I don't know what the problem is. Can anyone clarify?

I'm using Ubuntu 10.10 LTS


It's because that file is not in the expected format. You should add your rules manually the first time, then use iptables-save to get a file in the expected format.

However it's quite simple to "mimic" the format that iptables-restore expects.

Add a line with just *filter at the top of the file.

Add a line with just COMMIT at the bottom.

So you end up looking like this:

*filter

# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections 
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections 
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

COMMIT

There are a few other snippets it should have too, but that should make it work. After doing this, you can use iptables-save >filename to get the fully correctly formatted save file into filename.

Note that if you do use iptables-save, your comments in the file will be lost (it will replace the entire file with its own similarly formatted one).
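
The framing described in the answer can be checked before a file is ever handed to iptables-restore. The script below is an added example, not code from the original posts: check_rules_format and the two sample writers are hypothetical helper names, the sample files are constructed from the rules in the question, and only the *table ... COMMIT framing is checked, not the rule syntax.

```sh
#!/bin/sh
# Added example (not from the original posts): structural pre-check of an
# iptables-restore input file. It never calls iptables, so it needs no root.
# Assumption: only the "*table ... COMMIT" framing is checked, not rule syntax.

# Prints "<line>: <reason>" for the first problem; returns 0 when the framing is OK.
check_rules_format() {
    awk '
        /^#/ || /^$/ { next }                    # comments and blank lines
        /^\*/ {                                  # table header, e.g. *filter
            if (in_table) { print NR ": table line before COMMIT"; bad = 1; exit }
            in_table = 1; next
        }
        $0 == "COMMIT" {
            if (!in_table) { print NR ": COMMIT without a table line"; bad = 1; exit }
            in_table = 0; next
        }
        !in_table { print NR ": rule outside a *table ... COMMIT block"; bad = 1; exit }
        END {
            if (!bad && in_table) { print NR ": missing COMMIT"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: rules as in the question, comment on line 1, rule on line 2.
write_unframed_sample() {
    printf '%s\n' '# Allows SMTP access' \
        '-A INPUT -p tcp --dport 25 -j ACCEPT' > "$1"
}

# Constructed sample: the same rule framed the way the answer describes.
write_framed_sample() {
    printf '%s\n' '*filter' '# Allows SMTP access' \
        '-A INPUT -p tcp --dport 25 -j ACCEPT' 'COMMIT' > "$1"
}

demo_dir=$(mktemp -d)
write_unframed_sample "$demo_dir/bad.rules"
write_framed_sample "$demo_dir/good.rules"
check_rules_format "$demo_dir/bad.rules" || echo "bad.rules: rejected"
check_rules_format "$demo_dir/good.rules" && echo "good.rules: framing OK"
rm -rf "$demo_dir"
```

For the unframed sample the check stops at line 2, the same line number iptables-restore reported in the question. On a host with iptables installed, sudo iptables-restore --test < file additionally parses the rules themselves without committing them.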