[SOLVED] How to restart iptables service in Debian?
https://duckduckgo.com/?q=How+to+res...vice+in+Debian
well f*ck me, you asked that very same question 1 year ago!
since it seems you were unable to solve it then, i guess one of the other search results will do you.
i have to ask this, without irony or sarcasm or trying to dis you, honest question:
do you suffer from some form of memory loss?
because if you do, you should tell us, it would help us to deal with your questions in a more appropriate manner.
In other distros like Red Hat you can do:
Code:
# yum install iptables-services
# service iptables stop
It's probably in iptables-persistent which uses the /etc/iptables/rules.v4 to make your (ipv4) rules persistent. Most times I have a script that sets my rules. Which clears all rules as the first step. But probably not best practices if connected to the internet on a high speed connection.
To flush and clear/delete ALL the rules. Well almost all, there's also mangle, filter, raw, and probably other tables besides nat. Although not used much in consumer land.
From the "Similar Threads" section at the bottom of all LQ posts, https://www.linuxquestions.org/quest...6/#post5640900
all those iptables commands just store stuff in the kernel. There's no process (to restart)!!!
My preference is still to set up a shell script which contains all iptables commands. Starting with disabling forwarding, setting the default policies for all tables and flushing the tables. And then setting up every rule.
Advantages of this approach are that every time you run your script you are assured to start from a fresh, known state. You can create variables to make your script more readable and make changes in one place if you have to change one setting in a lot of places. And you can build in conditionals.
There are many examples on the internet on how to create firewall scripts.
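A firewall script of the kind described in the post above, as an added example that is not part of the original thread. The SSH port, the WEB_PORTS list and the DRY_RUN switch are assumptions made for illustration; with DRY_RUN=1 (the default here) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example. Assumed values, not from the thread: SSH on tcp/22 and an
# optional WEB_PORTS list. IPv4 only; repeat with ip6tables for IPv6.
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = apply (needs root)
SSH_PORT="${SSH_PORT:-22}"
WEB_PORTS="${WEB_PORTS:-}"   # e.g. "80 443"; empty means no web server

# Every command goes through run(), so a dry run shows exactly what would
# be executed, in order.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}
ipt() { run iptables "$@"; }

firewall() {
    # 1. Disable forwarding while the ruleset is rebuilt.
    run sysctl -w net.ipv4.ip_forward=0

    # 2. Default policies first: inbound and forwarded traffic is dropped
    #    during the window between the flush and the new rules.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # 3. Known state: flush rules, delete user chains, zero counters in
    #    every table mentioned in the thread, not only filter.
    for table in filter nat mangle raw; do
        ipt -t "$table" -F
        ipt -t "$table" -X
        ipt -t "$table" -Z
    done

    # 4. The rules themselves.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    for port in $WEB_PORTS; do      # conditional part: only if configured
        ipt -A INPUT -p tcp --dport "$port" -j ACCEPT
    done
}

firewall
```

Review the dry-run output before running with DRY_RUN=0 as root. With iptables-persistent installed, saving the applied rules with iptables-save to /etc/iptables/rules.v4 makes them survive a reboot.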
There is no "start" or "restart" in iptables. There is only the set of chains of rules held in memory. If you want to clear the chains, then clear the chains:
Code:
ip6tables --policy INPUT ACCEPT;
ip6tables --policy OUTPUT ACCEPT;
ip6tables --policy FORWARD ACCEPT;
ip6tables -Z; # zero counters
ip6tables -F; # flush (delete) rules
ip6tables -X; # delete all extra chains
iptables --policy INPUT ACCEPT;
iptables --policy OUTPUT ACCEPT;
iptables --policy FORWARD ACCEPT;
iptables -Z; # zero counters
iptables -F; # flush (delete) rules
iptables -X; # delete all extra chains
That will give you a blank slate with no rules in the kernel; from there you can load new ones.
There is no concept of "reload/restart" for this kernel ip fw "table".
This *table* is not a process, so it cannot be stopped/started/restarted
(like a data array in memory cannot be ditto)
Correct. It is impossible in all Linux-based operating systems, not just Debian GNU/Linux. See the various comments above for different phrasing of the same message.
It depends on how you define impossible or define restart. You can clear the rules, and unload the kernel modules (if they were compiled as modules). And then reload the modules. And reload the rules. Not really a restart though. And no simple or automated way to do that outside of a reboot.