CentOS / RHEL : iptables troubleshooting guide

by admin

The iptables utility controls the network packet filtering code in the Linux kernel: it is used to set up, maintain, and inspect the tables of IP packet filter rules. This post discusses the most commonly encountered issues with iptables and how to resolve them.

iptables rules do not load after a reboot

You have set and saved iptables firewall rules, yet they are not loaded after a reboot. Instead, after the reboot:
– The firewall rules need to be re-defined because the new rules were not saved/applied.
– The iptables service must be restarted in order for the rules to load.

Troubleshooting
1. Ensure that the service is set to start on boot
1. Verify that the service was set to start on boot :

# chkconfig iptables --list
iptables          0:off   1:off   2:off   3:on    4:on    5:on    6:off

2. If iptables is off for runlevels 3-5, enable the service:

# chkconfig iptables on

2. Ensure that the rules were saved to disk
1. Verify that the new rules are saved in /etc/sysconfig/iptables.

2. If they were not saved, save the current rules after setting them by either of the two methods shown below:
a. Saving the rules through the iptables service command:

# service iptables save

b. Redirecting the output of the command below into the /etc/sysconfig/iptables file. You can also save the rules by writing them into that file manually.

# iptables-save

3. Ensure that the iptables modules are loaded on boot
1. Verify that the iptables module has been loaded immediately after boot.

RHEL 5 output should look something like:

# lsmod | grep tables
ip_tables              55457  1 iptable_filter
ip6_tables             50177  1 ip6table_filter
x_tables               50505  6 ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables

RHEL 6 output should look something like:

# lsmod | grep table
iptable_filter          2793  1 
ip_tables              17831  1 iptable_filter
ip6table_filter         2889  1 
ip6_tables             19458  1 ip6table_filter

2. If the modules fail to load, remove any blacklist lines for the iptables modules from the modprobe configuration. Lines such as the following prevent the modules from loading:

# grep -r iptables /etc/modprobe*
/etc/modprobe.d/blacklist.conf:blacklist iptables
/etc/modprobe.d/blacklist.conf:blacklist ip6tables

4. Check the tables to see if they are empty or missing rules
Below is an example of a flushed or empty table:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination

5. Verify that the rules file does not change across a reboot. No output from sdiff -s means the two copies are identical.

# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp
# reboot
# sdiff -s /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp

6. Check whether restarting the iptables service successfully loads the rules
Check whether running 'service iptables restart' is required after booting, and whether it then loads the tables correctly.

# service iptables restart
# service iptables status
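As an added illustration of steps 1, 3 and 4 (this is not code from the original post): POSIX shell functions that apply the same checks to saved command output, run here on constructed samples so they need neither root nor a reboot. The function names and sample listings are my own.

```shell
#!/bin/sh
# Added example, not from the original post: offline versions of the checks in
# steps 1, 3 and 4, applied to constructed command output so they run without
# root or a reboot. Function names and sample listings are assumptions.

# Constructed samples shaped like the listings above.
SAMPLE_CHKCONFIG='iptables          0:off   1:off   2:off   3:on    4:on    5:on    6:off'
SAMPLE_BLACKLIST='/etc/modprobe.d/blacklist.conf:blacklist iptables
/etc/modprobe.d/blacklist.conf:blacklist ip6tables'
SAMPLE_EMPTY_TABLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'
SAMPLE_LOADED_TABLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Step 1: succeed only when runlevels 3, 4 and 5 are all "on" in a
# `chkconfig iptables --list` line (empty input counts as not enabled).
boot_enabled() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[345]:on$/) n++ }
                              END { exit (n == 3 ? 0 : 1) }'
}

# Step 3: print each module name that a `blacklist` line disables in
# `grep -r iptables /etc/modprobe*` output; prints nothing if none are.
blacklisted_modules() {
    printf '%s\n' "$1" | awk '/:blacklist[ \t]/ { sub(/.*:blacklist[ \t]+/, ""); print $1 }'
}

# Step 4: count real rule lines in `iptables -L` output, skipping chain
# headers, column headers and blank lines; 0 means the table is empty.
rule_count() {
    printf '%s\n' "$1" | awk '/^Chain / || /^target / || NF == 0 { next } { n++ } END { print n + 0 }'
}

# Stand-alone run against the constructed samples.
boot_enabled "$SAMPLE_CHKCONFIG" && echo "iptables is enabled for runlevels 3-5" || echo "iptables is NOT enabled at boot"
echo "blacklisted modules: $(blacklisted_modules "$SAMPLE_BLACKLIST" | tr '\n' ' ')"
echo "rules loaded: $(rule_count "$SAMPLE_LOADED_TABLE"), in empty table: $(rule_count "$SAMPLE_EMPTY_TABLE")"
```

On a live system the same functions can be fed real output, e.g. `rule_count "$(iptables -L)"` or `boot_enabled "$(chkconfig iptables --list)"`.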

Filed Under: Linux

© 2023 · The Geek Diary