After changing the file /etc/sysconfig/iptables
you must restart iptables:
/etc/init.d/iptables restart
OR
service iptables restart
But when you write iptables commands in bash, you must do:
/etc/init.d/iptables save
OR
service iptables save
Try modifying the /etc/sysconfig/iptables
file to:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT --protocol icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp --protocol tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp --protocol tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
It is also correct to enter iptables commands in bash:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
If you are using a Debian-based or any other distro, it is recommended to enter iptables commands in bash (terminal), because /etc/sysconfig/iptables
only exists in RedHat-based distros...
UPDATE
If you want to run iptables commands in a bash terminal, it is better to remove your rules first... You can run this bash script:
#!/bin/bash
# Flush all rules in the filter table, then delete any (now empty) user-defined chains
iptables -F
iptables -X
# Keep packets that belong to connections which are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ping and other ICMP
iptables -A INPUT -p icmp -j ACCEPT
# Allow everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow new TCP connections to HTTP (80) and SSH (22)
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Reject everything else (and all forwarded traffic) with an ICMP error
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Write the running rules to /etc/sysconfig/iptables so they survive a restart
/etc/init.d/iptables save
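The following is an added example, not part of the answer above. Instead of flushing (-F/-X) and then appending rules one at a time, which leaves a short window with no rules at all while the chain policies are ACCEPT, it generates the same ruleset in the iptables-save format shown in the answer and loads it atomically with iptables-restore, which replaces the whole table in one step (and rejects the file without touching the live rules if it does not parse). The port list and the output path are illustrative assumptions; the iptables commands themselves need root.

```shell
#!/bin/sh
# Added example (not from the original answer): generate the answer's ruleset
# as an iptables-save file and load it with iptables-restore.
# Assumptions: the port list and any file paths used here are illustrative.

# gen_rules PORT...  -> print a filter table that accepts NEW TCP connections
# to the given ports and rejects everything else (same policy as the answer)
gen_rules() {
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT'
}

# count_port_rules FILE -> number of per-port ACCEPT rules in FILE
count_port_rules() {
    grep -c -- '--dport [0-9][0-9]* -j ACCEPT' "$1" || true
}

# check_rules FILE -> 0 if the file has the *filter ... COMMIT framing that
# iptables-restore expects, 1 otherwise (pure text check, no root needed)
check_rules() {
    head -n 1 "$1" | grep -q '^\*filter$' || return 1
    tail -n 1 "$1" | grep -q '^COMMIT$' || return 1
    return 0
}

# apply_rules FILE -> parse the file with iptables-restore --test first, then
# load it as the live ruleset in one atomic step (both need root)
apply_rules() {
    check_rules "$1" || return 1
    iptables-restore --test < "$1" || return 1
    iptables-restore < "$1"
}

# Run directly: print the ruleset for the ports given on the command line
# (default: the answer's 22 and 80), e.g.
#   ./genrules.sh 22 80 443 > /etc/sysconfig/iptables && service iptables restart
[ $# -gt 0 ] || set -- 22 80
gen_rules "$@"
```

On a RedHat-based system the generated file can be written straight to /etc/sysconfig/iptables and activated with `service iptables restart`; on Debian-based systems there is no such file, so load it with `apply_rules` (or `iptables-restore < file`) and, if the iptables-persistent package is installed, keep it in /etc/iptables/rules.v4 so it is reloaded at boot.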