CentOS / RHEL : iptables troubleshooting guide

by admin

The iptables utility controls the network packet filtering code in the Linux kernel. The iptables feature is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The post discusses the most commonly encountered issues with iptables and how to resolve them.

iptables rules do not load after a reboot

You have set and saved iptables firewall rules, but they are still not loaded after a reboot. Instead, after a reboot:
– The firewall rules need to be re-defined because the new rules were not saved/applied.
– The iptables service must be restarted in order for the rules to load.

Troubleshooting
1. Ensure that the service is set to start on boot
1. Verify that the service was set to start on boot :

# chkconfig iptables --list
iptables          0:off   1:off   2:off   3:on    4:on    5:on    6:off

2. If iptables is off, then enable the service for runlevels 3-5

# chkconfig iptables on

2. Ensure that the rules were saved to disk
1. Verify that the new rules are saved in /etc/sysconfig/iptables.

2. If they were not saved, save the current rules after setting them by either of the two methods shown below:
a. Saving the rules through the iptables service command:

# service iptables save

b. Redirecting the output of the iptables-save command to the /etc/sysconfig/iptables file. You can also save the rules by manually writing them into the file.

# iptables-save > /etc/sysconfig/iptables

3. Ensure that the iptables modules are loaded on boot
1. Verify that the iptables module has been loaded immediately after boot.

RHEL 5 output should look something like:

# lsmod | grep tables
ip_tables              55457  1 iptable_filter
ip6_tables             50177  1 ip6table_filter
x_tables               50505  6 ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables

RHEL 6 output should look something like:

# lsmod | grep table
iptable_filter          2793  1 
ip_tables              17831  1 iptable_filter
ip6table_filter         2889  1 
ip6_tables             19458  1 ip6table_filter

2. If the module is failing to load, remove any blacklist lines for the iptables modules from the modprobe configuration:

# grep -r iptables /etc/modprobe*
/etc/modprobe.d/blacklist.conf:blacklist iptables
/etc/modprobe.d/blacklist.conf:blacklist ip6tables

4. Check the tables to see if they are empty or missing rules
Below is an example of a flushed or empty table:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination

5. Verify that the rules file has not changed after a reboot

# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp
# reboot
# sdiff -s /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp

6. Check whether restarting the iptables service successfully loads the rules
Check whether running ‘service iptables restart’ is required after booting, and whether it then loads the tables correctly.

# service iptables restart
# service iptables status
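The checks from steps 1 to 6 collected into one POSIX sh script, added here as an example and not part of the original post. The function names, the --run flag and the sample inputs are my own; the parsers expect the RHEL 5/6 command output shown above.

```shell
#!/bin/sh
# Added example, not from the original post: the boot-persistence checks
# above as shell functions. Each parser takes the text of the command the
# post shows as an argument, so it can be run on live output or on
# constructed samples. Function names and the --run flag are assumptions.

# Step 1: is iptables enabled in runlevels 3-5? Arg: "chkconfig iptables --list" line.
chkconfig_on_boot() {
    printf '%s\n' "$1" | grep -q '3:on.*4:on.*5:on'
}

# Step 3: is the ip_tables module present? Arg: full "lsmod" output.
iptables_module_loaded() {
    printf '%s\n' "$1" | grep -q '^ip_tables[[:space:]]'
}

# Step 3: does a modprobe config directory blacklist iptables/ip_tables
# (or the IPv6 variants)? Arg: directory such as /etc/modprobe.d.
modprobe_blacklists_iptables() {
    grep -rq '^blacklist[[:space:]]*ip6\{0,1\}_\{0,1\}tables' "$1" 2>/dev/null
}

# Step 4: number of rule lines in an "iptables -L" listing. Arg: listing text.
# Chain headers, column headers and blank lines are not rules.
iptables_rule_count() {
    printf '%s\n' "$1" | grep -v '^Chain ' | grep -v '^target ' \
        | grep -c '[^[:space:]]' || true
}

# Step 5: has the saved rules file changed since the backup? Args: file, backup.
rules_file_changed() {
    ! cmp -s "$1" "$2"
}

# Run the whole checklist on the current host; prints one line per finding.
run_checklist() {
    chkconfig_on_boot "$(chkconfig iptables --list 2>/dev/null)" \
        || echo "FAIL: iptables is not enabled for runlevels 3-5"
    iptables_module_loaded "$(lsmod 2>/dev/null)" \
        || echo "FAIL: ip_tables module is not loaded"
    modprobe_blacklists_iptables /etc/modprobe.d \
        && echo "FAIL: iptables modules are blacklisted under /etc/modprobe.d"
    [ -s /etc/sysconfig/iptables ] \
        || echo "FAIL: /etc/sysconfig/iptables is missing or empty"
    [ "$(iptables_rule_count "$(iptables -L -n 2>/dev/null)")" -gt 0 ] \
        || echo "FAIL: the filter table contains no rules"
}

if [ "${1:-}" = "--run" ]; then run_checklist; fi
```

Run it as `sh check_iptables.sh --run` on the host before and after a reboot; a clean run prints nothing.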
