[SOLVED] How to restart iptables service in Debian?

hack3rcon · 10-01-2017, 10:55 AM

Quote:

Originally Posted by Turbocapitalist

Correct. It is impossible in all Linux-based operating systems, not just Debian GNU/Linux. See the various comments above for different phrasing of the same message.

What are you really trying to do there?

Redhat can do it!!!

hack3rcon · 10-01-2017, 10:59 AM

Quote:

Originally Posted by !!!

Yes, but there may be a iptables-restore<file here: https://wiki.debian.org/iptables
&more here: https://wiki.debian.org/DebianFirewall

Or you can 'forget' iptables entirely, and use ufw (I think!!!): https://www.digitalocean.com/communi...n-cloud-server

There is no concept of "reload/restart" for this kernel ip fw "table".
This *table* is not a process, so it cannot be stopped/started/restarted
(like a data array in memory cannot be ditto)

I guess "ufw" using iptables with a friendly syntax. Is "ufw" flexible like iptables?
How about "firewall-cmd"?

Turbocapitalist · 10-01-2017, 11:04 AM

UFW is just a front end for iptables. You can use it or GUFW, the graphical front end for UFW. But at the end of the day those are only making rules in iptables chains even if they are hidden behind the UFW / GUFW interfaces. It will provide some options but not many, especially compared to plain iptables.

firewall-cmd is more of the same, just more complex. In my opinion it is more complicated that plain iptables.

Either way, your best option for precision and flexibility is to take away all the extra levels of abstraction and obfuscation and use just plain iptables. So I'll ask again, what are you really trying to do?

hack3rcon · 10-07-2017, 02:46 AM

Quote:

Originally Posted by Turbocapitalist

UFW is just a front end for iptables. You can use it or GUFW, the graphical front end for UFW. But at the end of the day those are only making rules in iptables chains even if they are hidden behind the UFW / GUFW interfaces. It will provide some options but not many, especially compared to plain iptables.

firewall-cmd is more of the same, just more complex. In my opinion it is more complicated that plain iptables.

Either way, your best option for precision and flexibility is to take away all the extra levels of abstraction and obfuscation and use just plain iptables. So I'll ask again, what are you really trying to do?

Just restart iptables when it is crashed or...

Turbocapitalist · 10-07-2017, 02:56 AM

Quote:

Originally Posted by hack3rcon

Just restart iptables when it is crashed or...

Ok. Thanks.

It appears this thread was just a matter of using the correct terminology.

Only separate programs can be "restarted". iptables is part of the kernel, not a separate program. It is a list that can be "cleared" but not "restarted". Instructions in how to clear iptables were given in #5 and #9 above.

Same goes for "crash". iptables cannot crash or rather if it does it will take the kernel, and thus the whole system, down with it. You can however fill up iptable chains with rules that will completely block your network access.

If in doubt about all that see the manual page for iptables itself.

Code:

man iptables

When you ask about iptables in the future, remember to use the relevant terminology.

sman123 · 03-22-2018, 03:56 PM

Lots of bad info in this thread.

Yes you can restart iptables in Redhat/CentOS and also Debian

CE6
service iptables restart

CE7
systemctl restart iptables

Debian 8 (jessie) assumes netfilter-persistent (formerly iptables-persistent) package is installed
systemctl restart netfilter-persistent

We can argue over what is actually happening when restarting but for all intents and purposes you are getting the expected behavior when restarting. It removes all iptables rules and then loads the saved rules. Not sure about Debian but on RH/CE I think it reloads iptables kernel modules.