Symptom
Users cannot save or set iptables rules, or reload iptables, using standard Linux commands. iptables rules do not appear to take effect when they are added or after an iptables-save.
Conditions
Users who run NX-API and want to lock down access to it, as the CLI suggests:
nfm-9300-leaf-1a(config)# nxapi use-vrf management
Warning: Management ACLs configured will not be effective for HTTP services. Please use iptables to restrict access.
Workaround
iptables rules are managed using an NX-OS-specific command, "ip netns exec management iptables".
See: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide_7x/NX_API.html#concept_1BB6AE2F8269406D9D0B7656F65CF316
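An added example (not part of the Cisco bug note) that uses the namespaced command from the workaround to allowlist NX-API sources. It assumes NX-API listens on TCP 80 and 443 and is run as root from the switch's Bash shell; the source addresses are constructed, and the function names, variables and the APPLY switch are illustrative.

```shell
#!/bin/sh
# Added example: restrict NX-API to an allowlist inside the management namespace.
# Assumptions: NX-API listens on TCP 80/443; source addresses below are constructed.
NETNS="management"
NXAPI_PORTS="80 443"

# Accept only IPv4 addresses/CIDRs made of digits, dots and one optional slash.
valid_src() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*) return 1 ;;
    esac
    return 0
}

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# nxapi_restrict SRC... : ACCEPT each source on every NX-API port, then DROP the rest.
nxapi_restrict() {
    # Refuse an empty allowlist: it would leave only DROP rules and lock everyone out.
    [ "$#" -gt 0 ] || { echo "need at least one allowed source" >&2; return 1; }
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for port in $NXAPI_PORTS; do
        for src in "$@"; do
            run ip netns exec "$NETNS" iptables -A INPUT -p tcp -s "$src" \
                --dport "$port" -j ACCEPT || return 1
        done
        run ip netns exec "$NETNS" iptables -A INPUT -p tcp --dport "$port" -j DROP || return 1
    done
}

# Dry run with constructed documentation addresses; set APPLY=1 to install the rules.
nxapi_restrict 192.0.2.0/24 198.51.100.7
```

After applying, "ip netns exec management iptables -L INPUT -n --line-numbers" lists the chain so the ACCEPT-before-DROP order can be confirmed.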
Further Problem Description