
How do you start or stop IP Tables

service iptables status

Unit iptables.service could not be found.



systemctl start iptables

Failed to start iptables.service: Unit iptables.service not found.

I found this file, but there's no indication of a start function

/usr/sbin/iptables-apply

I ran find / -name "iptables" and got this

/usr/bin/iptables-xml
/usr/lib/python3/dist-packages/ufw/backend_iptables.py
/usr/lib/python3/dist-packages/ufw/__pycache__/backend_iptables.cpython-36.pyc
/usr/sbin/iptables-apply
/usr/share/bash-completion/completions/iptables
/usr/share/iptables
/usr/share/iptables/iptables-rules
/usr/share/iptables/iptables.xslt
/usr/share/ufw/iptables
/usr/share/doc/iptables
/usr/share/zsh/functions/Completion/Linux/_iptables
/usr/share/man/man8/iptables-extensions.8.gz
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables-apply.8.gz
/usr/share/man/man1/iptables-xml.1.gz
/usr/share/mime/text/x-iptables.xml
/usr/local/share/doc/pgl/examples/iptables-custom-remove.sh
/usr/local/share/doc/pgl/examples/iptables-custom-insert.sh
/usr/local/var/lib/pgl/.pglcmd.iptables.remove.sh
/etc/rsyslog.d/my_iptables.conf
/sbin/iptables-restore
/sbin/iptables
/sbin/iptables-save
/var/log/iptables.log
/var/lib/dpkg/info/iptables.md5sums
/var/lib/dpkg/info/iptables.list

So where exactly does it start?

  • 2
    Being rude towards others is a bad thing. iptables isn't a service you 'stop'. It's the underlying system firewall. You can remove iptables, but its not a service you can 'stop'. What's the actual issue you're having? – Thomas Ward Jun 04 '18 at 13:34
  • "so many people" out of any contextual reference frame is an exaggeration of truth. As a professional Linux administrator myself, I can confirm that iptables is just a program that allows you to see the rules in place for the underlying netfilter system. ufw is another similar program. The filtering is done at a non-service level so there is no iptables service that really loads up at boot - it's just 'omnipresent'. The only thing that you could do is a boot script that either loads up rules or flushes out rules to get back to a 'default' empty ruleset state – Thomas Ward Jun 04 '18 at 13:38
  • This being said, the original statement of "iptables is not a service" remains valid here. – Thomas Ward Jun 04 '18 at 13:39
  • If you wish to discuss further, we can in chat. However, iptables is just a front-end interface to the underlying netfilter rulesets loaded up in memory for use at the kernel layer. There's no iptables or netfilter program you can start or stop. – Thomas Ward Jun 04 '18 at 13:43
  • RHEL/Fedora runs iptables as a service, Debian/Ubuntu does not. Use iptables-persistent. See https://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables – Panther Jun 04 '18 at 14:55

1 Answer

iptables is part of the kernel / netfilter. It's not a specific service or program that you can 'start' or 'stop'. It's ever-present, the only thing of relevance is what rules are loaded into it at a given time.

That means that the iptables command you call is actually just a front-end that helps with understanding / reading / interpreting / configuring the underlying netfilter rules at the system/kernel level for that boot session. There is no given 'program' you can start or stop to disable iptables - there are commands you can run which do this (such as iptables -F among others), but there's no specific service to start or stop.


In comments, you refer to "other people" saying that it is a service. In many cases, this isn't actually a service per se, it's just a service-executable script which handles loading / unloading iptables rulesets.

There may be other distributions that ship these types of service scripts that manipulate iptables - indeed, I myself have a service script on my computer that has a 'start' and 'stop' call which either loads iptables rules from a file, or correspondingly clears out all rules and sets things back to the system default of 'accept all'. This is, however, not shipped in the Ubuntu repositories, it's a script I wrote (and for 'fragile code' reasons I am not willing to share this at this time).

Ubuntu doesn't provide such service scripts for iptables. You would need to write your own. Or, consider using ufw if you want something simpler to maintain that you can load with system utilities (though, these are also 'scripts' that more or less control whether the ufw-defined rulesets are enabled or not, and you're really supposed to use ufw enable / ufw disable instead of those service scripts).

Thomas Ward
  • those are Metasploit specific documentations, but I can't testify to whether their exploit documentation is valid or not for Ubuntu. "Linux" exploits aren't necessarily always going to target all versions of Linux, and I am not an expert when it comes to the various README documentations about various Metasploit exploits. – Thomas Ward Jun 04 '18 at 14:32
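As an added example (not the answerer's own script, which he declined to share, and not part of Ubuntu), here is a minimal POSIX sh wrapper of the kind the answer describes: start restores a saved ruleset with iptables-restore, stop resets the built-in chain policies to ACCEPT and then flushes, and status dumps the live rules, since there is no daemon to query. The rules file path and the IPT/IPT_SAVE/IPT_RESTORE overrides are assumptions made for this example.

```shell
#!/bin/sh
# start/stop/save/status wrapper around the netfilter rules held in the kernel.
# Assumed defaults; override via the environment. None of this is Ubuntu tooling.
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"
IPT="${IPT:-iptables}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# "stop": return netfilter to an empty, accept-all state.
# Policies go to ACCEPT *before* the flush: flushing first while a chain
# policy is DROP would leave the host unreachable between the two steps.
fw_stop() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$chain" ACCEPT || return 1
    done
    "$IPT" -F && "$IPT" -X   # flush all rules, then delete user-defined chains
}

# "start": load the saved ruleset. iptables-restore commits the whole table
# in one step, so the firewall never sits half-configured.
fw_start() {
    [ -r "$RULES_FILE" ] || { echo "no ruleset at $RULES_FILE" >&2; return 1; }
    "$IPT_RESTORE" < "$RULES_FILE"
}

# "save": snapshot the live rules so they can be restored after a reboot.
fw_save() {
    "$IPT_SAVE" > "$RULES_FILE"
}

# "status": print what the kernel currently holds.
fw_status() {
    "$IPT_SAVE"
}

# Dispatch only when invoked with an action, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    case "$1" in
        start)  fw_start ;;
        stop)   fw_stop ;;
        save)   fw_save ;;
        status) fw_status ;;
        *) echo "usage: $0 {start|stop|save|status}" >&2; exit 2 ;;
    esac
fi
```

Running it needs root; install it as a systemd unit or rc script if you want `service`-style start/stop semantics, which is exactly the wrapper layer the answer says Ubuntu does not ship.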