Old 03-22-2014, 10:32 AM   #1
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Rep: Reputation: 56
How to start/stop default iptables


Hi all,

Debian 7.3 64bit

Is there an easier way to stop/start the default iptables? (I haven't added any rules other than the default)

On searching I found;
HowTo Disable The Iptables Firewall in Linux
http://www.cyberciti.biz/faq/turn-on...wall-in-linux/

RE: A note about other Linux distribution
Code:
If you are using other Linux distribution such as Debian / Ubuntu / Suse / Slackware Linux etc., try the following generic proc
1)
First, run
# iptables-save > /root/firewall.rules

2)
Then run following commands as root
Code:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
Or create shell script as advised to stop iptables.

3)
To restore or turn on firewall type the following command:
# iptables-restore < /root/firewall.rules

Advice would be appreciated. Thanks.

Rgds
satimis
 
Old 03-22-2014, 01:32 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,344

Rep: Reputation: Disabled
That's just it; you can't "stop" iptables because it's an integral part of the Linux kernel, not a running process.

You prevent iptables from blocking/redirecting/modifying packets by clearing the ruleset and setting the policies on all chains in all tables to ACCEPT, which is what the commands in 2) above do.
 
Old 03-22-2014, 06:55 PM   #3
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by Ser Olmy
That's just it; you can't "stop" iptables because it's an integral part of the Linux kernel, not a running process.

You prevent iptables from blocking/redirecting/modifying packets by clearing the ruleset and setting the policies on all chains in all tables to ACCEPT, which is what the commands in 2) above do.
Hi,

Thanks for your advice.

How about ufw on following link
How to start/stop iptables in Ubuntu 12.04?
http://askubuntu.com/questions/16155...n-ubuntu-12-04

Can it work on Debian 7.3?

satimis
 
Old 03-22-2014, 07:09 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,344

Rep: Reputation: Disabled
I was waiting for a reference to those services.

Several distributions have, for various reasons, introduced a daemon for managing the iptables ruleset. ufw is the "uncomplicated firewall" in Ubuntu; it's quite easy to manage and generates a very much non-uncomplicated iptables ruleset.

Then there is firewalld in Fedora, which up until quite recently used what was possibly the most ham-fisted approach imaginable to manage firewall rules, and was unable to reload the ruleset without breaking every existing connection.

I don't know what happens if you "stop" (that is, send a SIGTERM to) these daemons. Perhaps they clean up by flushing the ruleset before they exit. Perhaps they do nothing at all and leave the ruleset intact. You'll have to read the documentation for the service in question to find out.

In any case, such daemons are distribution-specific and only act as an abstraction layer on top of the real firewall, iptables. Flushing the ruleset with a script containing the commands you listed will work on any distribution (although one should probably kill off any "firewall" daemons first to prevent them from partially or fully reloading the ruleset).
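
Added example, not part of any post in this thread: a stop/start script that derives the "open everything" commands from `iptables-save` output, so it covers every table and built-in chain present rather than only the three tables listed above. The function names and `SAMPLE_RULES` are constructed for illustration; `/root/firewall.rules` is the path used in the first post.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not taken from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
COMMIT'

# Read iptables-save text on stdin, print the commands that open every table.
# Policies are printed first, so a DROP policy never sits on an emptied chain.
open_cmds() {
    awk '
        /^\*/ { table = substr($0, 2); tables[++n] = table; next }
        # Built-in chains carry a policy; user-defined chains show "-".
        /^:/ && $2 != "-" { print "iptables -t " table " -P " substr($1, 2) " ACCEPT" }
        END { for (i = 1; i <= n; i++) {
                  print "iptables -t " tables[i] " -F"
                  print "iptables -t " tables[i] " -X" } }'
}

# True if the ruleset on stdin filters anything: a rule or a non-ACCEPT policy.
is_filtering() {
    awk '/^-A / || (/^:/ && $2 != "-" && $2 != "ACCEPT") { found = 1 }
         END { exit !found }'
}

fw_stop() {    # $1 = backup file; needs root
    current=$(iptables-save) || return 1
    # Running "stop" twice must not replace the backup with an open ruleset.
    if printf '%s\n' "$current" | is_filtering; then
        printf '%s\n' "$current" > "$1"
    fi
    printf '%s\n' "$current" | open_cmds | sh -e
}

fw_start() { iptables-restore < "$1"; }    # $1 = backup file; needs root

case "${1:-}" in
    stop)  fw_stop  "${2:-/root/firewall.rules}" ;;
    start) fw_start "${2:-/root/firewall.rules}" ;;
esac
```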
 
Old 03-23-2014, 07:41 PM   #5
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,724

Rep: Reputation: 1705
Hi,
Quote:
Originally Posted by satimis
How about ufw on following link
How to start/stop iptables in Ubuntu 12.04?
http://askubuntu.com/questions/16155...n-ubuntu-12-04

Can it work on Debian 7.3?
ufw is one of many firewall frontends packaged for Debian 7. You can install it with apt-get or synaptic etc. If you just want to do basic stuff, e.g. block a few ports and perhaps do some natting, then arno-iptables-firewall with the debconf management is a pretty good option.

Evo2.
 
  



All times are GMT -5.
