Red Hat: This forum is for the discussion of Red Hat Linux.
When I configure the firewall as follows:
# iptables -A INPUT -s 192.168.123.32 -j REJECT
I find the iptables service is starting automatically, since the firewall was shut down before.
Now, I try to stop this iptables service:
# service iptables stop
Every entry displays "OK". But when I start the iptables service again:
# service iptables start
No status appears at all. I had to check the service status again:
# service iptables status
Firewall is stopped
At this point, it seems that I could not start the firewall again. After repeating "iptables -L", what I've configured to block 192.168.123.32 has disappeared! And "# service iptables status" reports more information, saying the firewall is running again.
I'm confused by this issue, as a newbie to Linux security. Would you please give me some advice?
Iptables is both a kernel module that does network packet filtering and a userland program to query and set the state of the kernel module rules. In your case, it is apparently also a system 'service'. As a kernel module, it is always 'on'. Your 'service' is simply a script that pushes configuration rules into iptables, to make it behave in various different ways. In this sense only, it may have a status of 'Started' or 'Stopped'. You can query the state of iptables independently, as you have done. You can also add or remove rules independently. Running the service script will probably undo any rules that you add independently. I suggest that you examine the script that runs as a service, and try to determine what the 'stop', 'start', and possibly 'restart' functions are actually doing. Perhaps you will want to post some code fragments from it, here, for explanation.
Rod, thanks for your mention; I've gotten the answer from the RedHat iptables manual. The iptables chains are only active when the service is "start"ed; if I reboot or log out, these chains will be cleared and reset automatically. In order to save the rules, execute "service iptables save"; then the existing rules will be applied as the service starts up. That's why there's no [OK] information in my earlier "service iptables start|stop". I paste both the previous testing and fixing steps here for reference.
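Rod's answer suggests looking at what the service script's start and stop functions do, and the follow-up found that on Red Hat a rule survives a restart only once "service iptables save" has written it to /etc/sysconfig/iptables. The script below is an added example for this thread, not code from the posters or from Red Hat's init script. It works purely on text in iptables-save format, so it needs neither root nor a live firewall, and it answers the two questions a defender wants settled before a reboot: is the block for a given address actually in the saved ruleset, and which rules are active right now but unsaved. The function names rule_persisted and unsaved_rules are this example's own, and the two rulesets it writes are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread or from Red Hat's init script: two checks
# for the pitfall described above, where rules added with iptables are lost
# because they were never written to the file that "service iptables save"
# produces (/etc/sysconfig/iptables on RHEL). Both functions read text in
# iptables-save format, so they need neither root nor a live firewall; the
# rulesets written at the bottom are constructed samples for this demo.

# rule_persisted FILE ADDR
# Returns 0 if FILE contains an INPUT rule that REJECTs or DROPs traffic
# from ADDR, 1 if it does not, 2 if FILE cannot be read.
rule_persisted() {
    file=$1
    addr=$2
    [ -r "$file" ] || return 2
    # Escape the dots so grep -E matches the address literally.
    esc=$(printf '%s' "$addr" | sed 's/\./\\./g')
    # iptables-save prints one rule per line and appends /32 to host addresses:
    #   -A INPUT -s 192.168.123.32/32 -j REJECT --reject-with icmp-port-unreachable
    grep -Eq "^-A INPUT .*-s ${esc}(/32)? .*-j (REJECT|DROP)" "$file"
}

# unsaved_rules RUNNING SAVED
# Prints every "-A ..." line present in RUNNING (for example the output of
# "iptables-save" redirected to a file) but absent from SAVED. Whatever it
# prints will vanish on the next "service iptables restart" or reboot.
unsaved_rules() {
    tmp=$(mktemp)
    grep '^-A ' "$2" > "$tmp" || true      # an empty saved ruleset is valid
    grep '^-A ' "$1" | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}

# write_saved_rules FILE: constructed stand-in for /etc/sysconfig/iptables
# after "service iptables save" with the REJECT rule from the question in place.
write_saved_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.123.32/32 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# write_running_rules FILE: constructed stand-in for live "iptables-save"
# output after one more rule was added interactively and never saved.
write_running_rules() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.123.32/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.9/32 -j DROP
COMMIT
EOF
}

# Stand-alone demonstration on the constructed samples.
saved=$(mktemp)
running=$(mktemp)
write_saved_rules "$saved"
write_running_rules "$running"
if rule_persisted "$saved" 192.168.123.32; then
    echo "OK: 192.168.123.32 is rejected in the saved ruleset"
else
    echo "MISSING: run 'service iptables save' after adding the rule"
fi
echo "Active now but not saved (lost on restart):"
unsaved_rules "$running" "$saved"
rm -f "$saved" "$running"
```

On a real RHEL host the same two functions apply to real files: pass /etc/sysconfig/iptables as the saved file and the output of "iptables-save > /tmp/running.rules" as the running file. An empty result from unsaved_rules is the state to be in before a restart or reboot.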