The newest fedora has firewalld as new firewall aplication. I liked old iptables services. I want them back but have no idea how to do that. I have tried :
systemctl disable firewalld.service systemctl stop firewalld.service systemctl enable iptables.service systemctl enable ip6tables.service systemctl start iptables.service systemctl start ip6tables.serviceBut it does not work! Didn't find any help on wiki or google.
Disabling firewalld work ok, but when I'm trying to enable iptables.service I get:
systemctl enable iptables.service Failed to issue method call: No such file or directory
asked Jan 18, 2013 at 9:07
1
Make sure you have the iptables-services package installed. This legacy package provides the systemd scripts for the previous iptables invocation. This package is not always installed, depending on your installation choices when you installed (or upgraded).
yum install iptables-servicesAnd of course, if possible, you should use the new firewalld system. It should only be necessary to revert to the old system if firewalld fails to provide a feature you need.
answered Jan 18, 2013 at 9:21
Michael HamptonMichael Hampton
239k42 gold badges485 silver badges947 bronze badges
1
This can be tricky.
Definitely
# yum install iptables-services # systemctl start iptables # systemctl enable iptables # iptables -P INPUT ACCEPT # iptables -F # the policy is so you don't cut yourself off here # ... # ... (iptables policies and rules as desired) # iptables -P INPUT DROP # assumes you have input filters to keep ports open (optional) # service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]then you have the persistent firewall rules.... BUT
consider well before veering from qfirewalldq. If you plan to use docker and containers, or Nessus, for now you have no choice, but firewalld does play well with most platforms/apps.
masegaloeh
18.1k10 gold badges56 silver badges105 bronze badges
answered Dec 17, 2014 at 1:10
0
When trying to start/enable the iptables daemon you receive the errors: # systemctl enable iptables
Failed to issue method call: Access denied # systemctl start iptables
Failed to start iptables.service: Unit iptables.service failed to load: No such file or directory. Starting with RHEL 7, firewalld is introduced and by default the iptables package is not installed on the system. This is done to avoid conflict in running both iptables
and firewalld. Make sure you have the iptables-services package installed. This legacy package provides the systemd scripts for the previous iptables invocation. This package is not always installed, depending on your installation choices when you installed (or upgraded).Problem:
Solution:
The package “iptables-services” needs to be installed before you are able to start the service.
# yum install iptables-services
I installed CentOS 7 with minimal configuration (os + dev tools). I am trying to open 80 port for httpd service, but something wrong with my iptables service ... what's wrong with it? What am I doing wrong?
# ifconfig/sbin/service iptables save bash: ifconfig/sbin/service: No such file or directory # /sbin/service iptables save The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl. # sudo service iptables status Redirecting to /bin/systemctl status iptables.service iptables.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) # /sbin/service iptables save The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl. # sudo service iptables start Redirecting to /bin/systemctl start iptables.service Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
peterh
11.2k17 gold badges84 silver badges103 bronze badges
asked Jul 15, 2014 at 10:49
3
With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.
It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:
systemctl stop firewalld systemctl mask firewalldThen, install the iptables-services package:
yum install iptables-servicesEnable the service at boot-time:
systemctl enable iptablesManaging the service
systemctl [stop|start|restart] iptablesSaving your firewall rules can be done as follows:
service iptables saveor
/usr/libexec/iptables/iptables.init saveanswered Jul 18, 2014 at 14:29
SgaduuwSgaduuw
3,5601 gold badge14 silver badges11 bronze badges
12
RHEL and CentOS 7 use firewall-cmd instead of iptables. You should use that kind of command:
# add ssh port as permanent opened port firewall-cmd --zone=public --add-port=22/tcp --permanentThen, you can reload rules to be sure that everything is ok
firewall-cmd --reloadThis is better than using iptable-save, espacially if you plan to use lxc or docker containers. Launching docker services will add some rules that iptable-save command will prompt. If you save the result, you will have a lot of rules that should NOT be saved. Because docker containers can change them ip addresses at next reboot.
Firewall-cmd with permanent option is better for that.
Check "man firewall-cmd" or check the official firewalld docs to see options. There are a lot of options to check zones, configuration, how it works... man page is really complete.
I strongly recommand to not use iptables-service since Centos 7
mikemaccana
102k92 gold badges369 silver badges465 bronze badges
answered Aug 10, 2014 at 15:12
Metal3dMetal3d
2,8951 gold badge21 silver badges29 bronze badges
2
I had the problem that rebooting wouldn't start iptables.
This fixed it:
yum install iptables-services systemctl mask firewalld systemctl enable iptables systemctl enable ip6tables systemctl stop firewalld systemctl start iptables systemctl start ip6tablesanswered Aug 4, 2014 at 3:23
parpar
17k4 gold badges63 silver badges78 bronze badges
1
Try the following command iptables-save.
Lkopo
4,7588 gold badges34 silver badges60 bronze badges
answered Sep 11, 2014 at 14:30
2
I modified the /etc/sysconfig/ip6tables-config file changing:
IP6TABLES_SAVE_ON_STOP="no"To:
IP6TABLES_SAVE_ON_STOP="yes"And this:
IP6TABLES_SAVE_ON_RESTART="no"To:
IP6TABLES_SAVE_ON_RESTART="yes"This seemed to save the changes I made using the iptables commands through a reboot.
bjb568
10.8k11 gold badges49 silver badges71 bronze badges
answered Oct 7, 2014 at 22:24
DugDug
671 silver badge1 bronze badge
1
Put the IPtables configuration in the traditional file and it will be loaded after boot:
/etc/sysconfig/iptables
answered Nov 22, 2014 at 8:40
BVB MediaBVB Media
1772 silver badges4 bronze badges
Last month I tried to configure iptables on a LXC VM container, but every time after reboot the iptables configuration was not automatically loaded.
The only way for me to get it working was by running the following command:
yum -y install iptables-services; systemctl disable firewalld; systemctl mask firewalld; service iptables restart; service iptables save
answered Apr 5, 2017 at 6:53
BVB MediaBVB Media
1772 silver badges4 bronze badges
1
And to add, you should also be able to do the same for ip6tables after running the systemctl mask firewalld command:
systemctl start ip6tables.service systemctl enable ip6tables.serviceanswered Apr 6, 2015 at 4:33
If you do so, and you're using fail2ban, you will need to enable the proper filters/actions:
Put the following lines in /etc/fail2ban/jail.d/sshd.local
[ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] logpath = /var/log/secure maxretry = 5 bantime = 86400Enable and start fail2ban:
systemctl enable fail2ban systemctl start fail2banReference: //blog.iopsl.com/fail2ban-on-centos-7-to-protect-ssh-part-ii/
answered Nov 13, 2015 at 16:54
SebasSebas
20.9k9 gold badges53 silver badges109 bronze badges