iptables active (exited)
I have installed iptables.services on my CentOS 7 server. I have opened a port on the server but cannot use the port. I then checked the list to see if it was there, and I checked the status of the iptables service and it says active (exited).
How do I get the iptables service to run? I have tried restarting the service and restarting the server.
Re: iptables active (exited)
Did you disable the default firewalld?
Re: iptables active (exited)
The only job of the iptables service is to load your rules into the kernel. Once it has done this it exits. There's nothing else to do.
If it doesn't work your rules are wrong.
Re: iptables active (exited)
Here you are wrong.
Firewalld (if it's not in disabled state) makes frequent checks and every rule not in its rule set will be removed.
That's why the question "Have you disabled the default firewall?" is quite relevant.
Re: iptables active (exited)
If that is the case why is my rule not working?
This is my rule: iptables -A INPUT -p tcp --dport xxx --syn -j ACCEPT
When I use tcping to probe the port it is not responding ergo it is not open.
And yes firewalld is disabled.
Re: iptables active (exited)
Is something listening to that port?
You could also try with nmap instead of tcping.
Re: iptables active (exited)
Yes, something is listening to the port.
Re: iptables active (exited)
What is the output from systemctl status firewalld? If that is running then iptables-service is not used and you cannot amend the rules using the iptables command (as firewalld will remove any that it doesn't think should be there).
If you are running iptables and not firewalld and ran that command as-is, then it will have appended that rule to the end of the INPUT chain, and the default chain already ends with a global -j REJECT, so your newly appended rule will never be reached.
Also, when you say the app is listening, is it listening on something other than localhost?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
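The rule-ordering problem described in the post above can be checked mechanically. The following is an added example, not code from any poster in this thread: a hypothetical `check_port_rule` helper that reads `iptables -S INPUT` style output and reports whether the ACCEPT rule for a TCP port sits before or after a catch-all REJECT/DROP. The port 8080 and both rule listings are constructed samples, and the check only recognises an unconditional `-j REJECT` or `-j DROP`.

```shell
#!/bin/sh
# check_port_rule PORT  (hypothetical helper, added example)
# stdin: rules in `iptables -S INPUT` format.
# Prints: "reachable N"  - ACCEPT is rule N, ahead of any catch-all block
#         "shadowed N M" - ACCEPT is rule N, but catch-all rule M comes first
#         "missing"      - no tcp ACCEPT rule for PORT in the chain
check_port_rule() {
    awk -v port="$1" '
        $1 != "-A" { next }      # skip "-P INPUT ..." policy lines
        { n++ }                  # same numbering as iptables -L --line-numbers
        # Catch-all: "-A INPUT -j REJECT|DROP" with no match before -j.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !block { block = n }
        {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT" && !accept)
                accept = n
        }
        END {
            if (!accept)                      print "missing"
            else if (block && block < accept) print "shadowed " accept " " block
            else                              print "reachable " accept
        }'
}

# Constructed sample: rule added with "iptables -A", so it lands last.
APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT'

# Constructed sample: same rule placed ahead of the final REJECT.
INSERTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$APPENDED" | check_port_rule 8080
printf '%s\n' "$INSERTED" | check_port_rule 8080
```

On a live host the same function can be fed directly, as root, with `iptables -S INPUT | check_port_rule 8080`.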
Re: iptables active (exited)
Firewalld is disabled
Status: ● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
Oct 15 16:18:14 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.
If I use iptables -L I can see my port is present and above REJECT.