Restart firewall got hangs

Support for security such as Firewalls and securing linux
qzaqza15
Posts: 4
Joined: 2017/08/09 07:42:00

Restart firewall got hangs

Postby qzaqza15 » 2017/09/14 10:28:40

The flow is as stated below:

After I run the command:

service iptables restart


This is what it prompts, and we can see that flushing firewall rules and unloading modules work fine, except for the last step, which is applying firewall rules.

iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         


It keeps on hanging for more than one hour and I don't know whether I should force close it or not. Could anyone give me some advice on how to exit this in a proper way, or what may be the cause of it?

TrevorH
Forum Moderator
Posts: 21002
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Restart firewall got hangs

Postby TrevorH » 2017/09/14 10:53:56

If you did that via an ssh session then try starting a new ssh session, log in and check the state of your rules now. When you restart iptables like that it can interrupt existing connections and one of those would be your ssh connection.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

qzaqza15
Posts: 4
Joined: 2017/08/09 07:42:00

Re: Restart firewall got hangs

Postby qzaqza15 » 2017/09/14 10:59:52

Thanks for the reply.

"check the state of your rules"


I have started a new ssh session but I am not sure how to check the state of the firewall rules.

This is the command I use to check the state of the firewall:

iptables -L -n


And it displays firewall rules, so it should mean the firewall is working.

TrevorH
Forum Moderator
Posts: 21002
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Restart firewall got hangs

Postby TrevorH » 2017/09/14 14:53:10

iptables-save should show them all.

You can't really restart iptables from an ssh connected session as it always has the possibility of stopping the session you're running in. If you want to amend the rules then use the iptables command itself to -A append or -I insert new rules in the correct places.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke
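
An added example, not part of any post in this thread: one way to act on the iptables-save suggestion above is to check, from the second ssh session, that the loaded rules still admit new ssh connections. The names `ssh_verdict` and `sample_rules` are hypothetical, the ruleset is constructed, and ssh on tcp port 22 is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save output on stdin and
# prints the verdict a NEW tcp connection to port 22 (assumed ssh port) gets
# from the filter table's INPUT chain, where the first matching rule wins.
# Simplification: only "--dport 22" rules and catch-all rules without match
# options are evaluated; source, interface and multiport matches are skipped.
ssh_verdict() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; target = ""; nmatch = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i ~ /^-/) nmatch++
            }
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            if ((proto == "tcp" && dport == "22") || nmatch == 0) {
                verdict = target; exit
            }
        }
        END {
            if (verdict == "") verdict = policy
            if (verdict == "") verdict = "UNKNOWN"
            print verdict
        }
    '
}

# Constructed sample ruleset, not output from the thread.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_rules | ssh_verdict   # on a live host: iptables-save | ssh_verdict
```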

qzaqza15
Posts: 4
Joined: 2017/08/09 07:42:00

Re: Restart firewall got hangs

Postby qzaqza15 » 2017/09/15 09:29:42

Okay, thanks for your help.