[SOLVED] iptables not active/firewalld is - my web server is working but I have no idea why.
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
iptables not active/firewalld is - my web server is working but I have no idea why.
This is a copy of my /etc/sysconfig/iptables.conf (w/o comments):
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
- Added the port 80/21 entries.
vsftpd does work.
"iptables-save | grep 80" returns nothing.
My web server works (internal and external).
"systemctl is-active iptables" shows "inactive"
I have "just" gotten firewalld up and running thanks to questions answered here.
iptables is truly a mystery to me.
Can someone explain why my web server/vsftpd are up and working w/o iptables being active? How can I get my network and security both up and working safely together?
If I enable/activate iptables, is this going to break my web server?
As veerain said "Things would run even if iptables rules have not loaded. Unless you are doing NAT, etc.". As long as you are not blocking external traffic at router or via iptables for internal things will work fine.
What you said is that iptables isn't running that means any traffic is allowed to your system whether it is web or ftp or ssh or samba doesn't matter system will reply to all (provided that the service is running). Basically security is not there as your system is open to reply on all ports.
You have already configured rules for web and ftp in your iptables config so that turning iptables shouldn't be an issue. From the output you shared I can see those web and ftp lines are above explicit deny so things should work even with iptables on.