Iptables how to only allow local access to the specified port and not allow external access.

  html5, question
# Generated by iptables-save v1.4.8 on Sat Jun 15 23:23:13 2013
 *filter
 :INPUT ACCEPT [35:6316]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [17:1648]
 -A INPUT -p tcp -m tcp --dport 30009 -j REJECT
 -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 30009 -j ACCEPT
 COMMIT
 # Completed on Sat Jun 15 23:23:13 2013

This does not seem to work.

This is the case on the server

telnet 127.0.0.1 30009
 Trying 127.0.0.1  ...
 telnet: Unable to connect to remote host: Connection refused

The two lines are reversed …

Iptables is executed when it meets a match, so it was REJECT first, and the following rules did not work.