iptables active (exited)

webnoob
Posts: 37
Joined: 2017/02/01 11:26:27

iptables active (exited)

Post by webnoob » 2018/10/15 19:34:39

I have installed iptables.services on my CentOS 7 server. I have opened a port on the server but cannot use the port. I then checked the list to see if it was there, and I checked the status of the iptables service, and it says active (exited).

How do I get the iptables service to run? I have tried restarting the service and restarting the server.

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: iptables active (exited)

Post by tunk » 2018/10/15 19:55:01

Did you disable the default firewalld?

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: iptables active (exited)

Post by chemal » 2018/10/15 19:56:37

The only job of the iptables service is to load your rules into the kernel. Once it has done this it exits. There's nothing else to do.

If it doesn't work, your rules are wrong.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: iptables active (exited)

Post by hunter86_bg » 2018/10/16 03:41:14

Here you are wrong.
Firewalld (if it's not in disabled state) makes frequent checks and every rule not in its rule set will be removed.
That's why the question "Have you disabled the default firewall?" is quite relevant.

webnoob
Posts: 37
Joined: 2017/02/01 11:26:27

Re: iptables active (exited)

Post by webnoob » 2018/10/16 13:19:03

If that is the case why is my rule not working?
This is my rule: iptables -A INPUT -p tcp --dport xxx --syn -j ACCEPT

When I use tcping to probe the port, it is not responding; ergo, it is not open.

And yes, firewalld is disabled.

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: iptables active (exited)

Post by tunk » 2018/10/16 14:27:18

Is something listening to that port?
You could also try with nmap instead of tcping.

webnoob
Posts: 37
Joined: 2017/02/01 11:26:27

Re: iptables active (exited)

Post by webnoob » 2018/10/16 14:31:46

Yes, something is listening to the port.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables active (exited)

Post by TrevorH » 2018/10/16 15:01:13

What is the output from systemctl status firewalld? If that is running then iptables-service is not used and you cannot amend the rules using the iptables command (as firewalld will remove any that it doesn't think should be there).

If you are running iptables and not firewalld and ran that command as-is, then it will have appended that rule to the end of the INPUT chain, and the default chain already ends with a global -j REJECT, so your newly appended rule will never be reached.

Also, when you say the app is listening, is it listening on something other than localhost?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
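
The rule-order problem described in the post above can be checked mechanically. The following is an added example, not posted by anyone in this thread: it scans `iptables -S INPUT` output for the first unconditional REJECT/DROP and lists every rule after it. The sample ruleset is constructed, port 8080 is a placeholder, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: find INPUT rules that can never match because an earlier
# catch-all REJECT/DROP ends evaluation of the chain first.

# Constructed sample in `iptables -S INPUT` format: the stock CentOS 7
# ruleset with one rule appended via -A (port 8080 is a placeholder).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
EOF
}

# Reads `iptables -S <chain>` output on stdin. Prints the position of the
# first rule that has no match options and jumps straight to REJECT or DROP,
# then every later rule, which that catch-all shadows.
find_shadowed() {
    awk '
    $1 != "-A" { next }          # skip -P policy lines
    { n++ }                      # rule number as used by iptables -I / -D
    !stop && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
        stop = n                 # "-A CHAIN -j TARGET": no match options
        print "catch-all " $4 " at rule " n
        next
    }
    stop { print "unreachable rule " n ": " $0 }
    '
}

# Live use (as root):  iptables -S INPUT | find_shadowed
```

A rule reported as unreachable has to sit ahead of the catch-all instead: `iptables -I INPUT <n> ...`, with n set to the catch-all's rule number, inserts it at that position and pushes the catch-all down by one.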

webnoob
Posts: 37
Joined: 2017/02/01 11:26:27

Re: iptables active (exited)

Post by webnoob » 2018/10/16 17:23:44

Firewalld is disabled
Status: ● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)

Oct 15 16:18:14 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.

If I use iptables -L I can see my port is present and above REJECT.

webnoob
Posts: 37
Joined: 2017/02/01 11:26:27

Re: iptables active (exited)

Post by webnoob » 2018/10/17 17:54:50

No new suggestions?
