Linux – iptables not starting on CentOS 6


I am running CentOS release 6.5 (Final) and cannot figure out why my iptables is not starting.
I may have executed some other command to permanently prevent the start up of iptables; I do not remember. However, now I need iptables running, but cannot get it started.

Any suggestions?

    [root@server1 log]# chkconfig iptables --list
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off

    [root@server1 log]# service iptables status
    iptables: Firewall is not running.

    [root@server1 log]# service iptables start

    [root@server1 log]# service iptables status
    iptables: Firewall is not running.

UPDATE:

I have looked at this a bit more and did an strace on /etc/init.d/iptables start and saw this message about no such file or directory:

    stat("/var/lock/subsys/iptables", 0x7ffff80481d0) = -1 ENOENT (No such file or directory)

So I created this file, changed the perms and then started iptables.
iptables still did not start, but I now get a message about "Firewall modules are not loaded."

This server had many security hardening changes made to it. Could this be the issue?

    touch /var/lock/subsys/iptables
    chmod 640 /var/lock/subsys/iptables

    service iptables start
    service iptables status
    iptables: Firewall modules are not loaded.

UPDATE 2:

I rebooted after creating the subsys/iptables file and it was no longer there. All of my other services are running fine and start/stop without any problems.


UPDATE 3:

To ensure that iptables magically cured itself I rebooted the server. However, after reboot the service is NOT running anymore.

— BEFORE I REBOOTED —

    [root@server1 ~]# who -r
    run-level 5 2014-09-10 13:47

    [root@server1 ~]# chkconfig --list iptables
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    [root@server1 ~]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    num target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

    [root@server1 ~]# shutdown -r now

— AFTER I REBOOTED —

    [root@server1 ~]# service iptables status
    iptables: Firewall is not running.

    [root@server1 ~]# chkconfig --list iptables
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Best Answer

I was facing the same problem and I found a simple way to resolve it:

  1. Make sure your system has iptables's config file:

    ls -l /etc/sysconfig/iptables
    
  2. In my case, I found two files in this folder:

    iptables-config  iptables.old
    
  3. You should rename iptables.old to iptables (or create a new one) because only iptables will be accepted.

  4. Try to start iptables again.

    service iptables start
    iptables: Applying firewall rules:                         [  OK  ]
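
The check from the answer above can be scripted as a preflight. This is an added example, not part of the original answer and not taken from the CentOS init script. The function name, the optional `root` prefix argument (used so the check can run against a constructed directory tree) and the exit codes are this example's own choices.

```shell
#!/bin/sh
# Preflight for a silent "service iptables start": is the rules file present,
# and if not, is there a renamed or backup copy next to it?
# Usage: iptables_preflight [ROOT]   (ROOT is a hypothetical prefix; empty = real host)
# Exit codes (this example's own): 0 rules file present,
#   1 missing but candidate copies exist, 3 missing with no candidates.
iptables_preflight() {
    root="${1:-}"
    dir="$root/etc/sysconfig"
    cfg="$dir/iptables"
    lock="$root/var/lock/subsys/iptables"

    if [ -f "$cfg" ]; then
        if [ -f "$lock" ]; then
            echo "OK: $cfg present; lock file $lock present"
        else
            # Creating the lock file by hand (as tried in the question) did not
            # load any rules, so only report its state here.
            echo "OK: $cfg present; lock file $lock absent (service not started)"
        fi
        return 0
    fi

    # Rules file missing: collect look-alike files such as iptables.old.
    # iptables-config is skipped because it is a separate file, not a copy
    # of the rules file (the answer found it alongside iptables.old).
    found=""
    for f in "$dir"/iptables.* "$dir"/iptables-*; do
        [ -f "$f" ] || continue        # unmatched glob stays literal; skip it
        case "$f" in
            */iptables-config) continue ;;
        esac
        found="$found $f"
    done

    if [ -n "$found" ]; then
        echo "MISSING: $cfg not found; candidate copies:$found"
        return 1
    fi
    echo "MISSING: $cfg not found and no candidate copies in $dir"
    return 3
}
```

Source the file and call `iptables_preflight` with no argument on a real host. Review any candidate copy before renaming it, since it becomes the active rule set on the next start.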
    