Linux no iptables file

I Have No IPTables

I have something really weird going on that I can’t seem to find any reference to after a lot of googling. I seem to have no iptables. Not that the chains are flushed or that they are all ACCEPT rules or something, the tables themselves don’t seem to exist. Here is what I mean: The story is, my docker stopped working at some point in the last few months and I finally got around to fixing it. The error was being caused by the following command:

$ iptables -A DOCKER-ISOLATION-STAGE-1 -j RETURN iptables: No chain/target/match by that name. 

Which docker runs as part of its startup and which I tried to run manually to debug. So then I started messing around trying to add different chains and rules in different places, and everything was giving that error. So finally I tried to just list everything

$sudo iptables -S iptables: No chain/target/match by that name. $ sudo iptables -L iptables: No chain/target/match by that name. $ sudo iptables --list iptables: No chain/target/match by that name. 

# iptables -vL -t filter iptables: No chain/target/match by that name. # iptables -vL -t nat iptables: No chain/target/match by that name. # iptables -vL -t mangle iptables: No chain/target/match by that name. # iptables -vL -t raw iptables: No chain/target/match by that name. # iptables -vL -t security iptables: No chain/target/match by that name. 

# iptables -P INPUT ACCEPT iptables: Bad built-in chain name. 

doesn’t work. Has anyone seen this before? Is there any way to get the tables back? My system is Ubuntu 18.10 with Kernel 5.1.8

Updates

I have since added all the iptables modules to my /etc/modules and rebuilt the initramfs. The modules are now loaded on boot but it didn’t solve the problem. I found that the iptables-save command does not error, but it also only prints the following:

# Generated by iptables-save v1.6.1 on Tue Jun 11 17:35:52 2019 *nat COMMIT # Completed on Tue Jun 11 17:35:52 2019 # Generated by iptables-save v1.6.1 on Tue Jun 11 17:35:52 2019 *mangle COMMIT # Completed on Tue Jun 11 17:35:52 2019 # Generated by iptables-save v1.6.1 on Tue Jun 11 17:35:52 2019 *raw COMMIT # Completed on Tue Jun 11 17:35:52 2019 # Generated by iptables-save v1.6.1 on Tue Jun 11 17:35:52 2019 *security COMMIT # Completed on Tue Jun 11 17:35:52 2019 # Generated by iptables-save v1.6.1 on Tue Jun 11 17:35:52 2019 *filter COMMIT # Completed on Tue Jun 11 17:35:52 2019 

I also found that ip6tables appears to be working normally, its only iptables that is broken. Next I tried running some of the iptables commands in verbose mode.

# iptables -S -vv libiptc vlibxtables.so.12. 0 bytes. Table `filter' Hooks: pre/in/fwd/out/post = 7f68/9f6085dd/5616/9f60a8e0/5616 Underflows: pre/in/fwd/out/post = 36e4540/7fff/36e48e8/7fff/0 iptables: No chain/target/match by that name. 

# iptables -N DOCKER-ISOLATION-STAGE-1 -vv 

In verbose mode this commant doesn’t complete, the output is huge. I tried dumping it to a file but I killed it when that file reached 8.5GB in size. The output is all repitions of the following pattern:

libiptc vlibxtables.so.12. 1032595540 bytes. Table `filter' Hooks: pre/in/fwd/out/post = 7ffe/92c0b5dd/55a7/92c0d8e0/55a7 Underflows: pre/in/fwd/out/post = 3d8c10f0/7ffe/3d8c1498/7ffe/3d8c2854 Entry 0 (0): SRC IP: 0.0.0.0/0.0.0.0 DST IP: 0.0.0.0/0.0.0.0 Interface: `'/. to `'/. Protocol: 0 Flags: 00 Invflags: 00 Counters: 0 packets, 0 bytes Cache: 00000000 Target name: `' [0] verdict=0 Entry 0 (0): SRC IP: 0.0.0.0/0.0.0.0 DST IP: 0.0.0.0/0.0.0.0 Interface: `'/. to `'/. Protocol: 0 Flags: 00 Invflags: 00 Counters: 0 packets, 0 bytes Cache: 00000000 Target name: `' [0] verdict=0 

Источник

May 23, 2023: iRedMail-1.6.3 has been released.

• Spider Email Archiver: Lightweight on-premises email archiving software, developed by iRedMail team.
• Join our Telegram group (@iredmail_chat) to get help from other iRedMail users.

[ Closed ] (Solved) No iptables on Ubuntu 20.04.1 LTS / Security Issue

iRedMail → iRedMail Support → (Solved) No iptables on Ubuntu 20.04.1 LTS / Security Issue

You must login or register to post a reply

Posts: 8

1 Topic by baerengraben 2021-01-28 04:53:16 (edited by baerengraben 2021-01-30 18:42:54)

Topic: (Solved) No iptables on Ubuntu 20.04.1 LTS / Security Issue

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
— iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition.
— Deployed with iRedMail Easy or the downloadable installer? downloadable installer
— Linux/BSD distribution name and version: Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-64-generic x86_64)
— Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
— Web server (Apache or Nginx): Nginx
— Manage mail accounts with iRedAdmin-Pro? No
— [IMPORTANT] Related original log or error message is required if you’re experiencing an issue.
====

I just did a new installation of iredmail on a new installed Ubuntu 20.04.1 LTS. After finishing installation of iredmail, I noticed that the ireadmail rules for iptables (/etc/default/iptables) are not active at all.

This is what /iRedMail-1.3.2/runtime/install.log says:

[ INFO ] Copy firewall sample rules.
+ < DEBUG >Service control: enable iptables.
Failed to enable unit: Unit file iptables.service does not exist.
+ < DEBUG >Service control: enable ip6tables.
Failed to enable unit: Unit file ip6tables.service does not exist.
[ INFO ] Restarting firewall .
+ < DEBUG >Service control: restart iptables.
Failed to restart iptables.service: Unit iptables.service not found.
+ < DEBUG >Service control: restart ip6tables.
Failed to restart ip6tables.service: Unit ip6tables.service not found.

So far as I understand is, that Ubuntu is using ufw and has no «service» for iptables (anymore?).

How can I activate the rules for hardening the ireadmail server? Maybe the rules should be installed by ufw?

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Stable release is out.

Источник

First, firewald introduction and common commands

The configuration for firewalld is stored in various XML files in /usr/lib/firewalld/ and /etc/firewalld/.

The firewall is configured/usr/lib/firewalld/ System Configuration Directory & /etc/firewalld/ User Configuration Directoryin

Where /usr/lib/firewalld/services stores defined network service and port parameters, system parameters, cannot be modified

Note: The following firewalld operations are only valid after reboot: service firewalld restart

Firewall common command

Start: systemctl start firewalld

Close: systemctl stop firewalld

View status: systemctl status firewalld

Power on disable : systemctl disable firewalld

Power on: systemctl enable firewalld

Systemctl is a service management tool for CentOS7 and later. It combines the functions of previous service and chkconfig.

Start a service: systemctl start firewalld.service

Close a service: systemctl stop firewalld.service

Restart a service: systemctl restart firewalld.service

Display the status of a service: systemctl status firewalld.service

Enable a service at boot time: systemctl enable firewalld.service

Disable a service at boot time: systemctl disable firewalld.service

Check whether the service is powered on: systemctl is-enabled firewalld.service

View the list of started services: systemctl list-unit-files|grep enabled

View the list of services that failed to start: systemctl —failed

View the status of the firewall

Second, CentOS switches to iptables firewall

Step1: Close the firewall

Switch root identity su -, enter the root password

systemctl stop firewalld Close the firewall

systemctl disable firewalld.service Disable firewall boot

Step2: Install iptables firewall

yum installi ptables-services installation

Step3: Edit iptables firewall configuration

vim /etc/sysconfig/iptablesEdit the firewall configuration file

After opening, you can see the default rules in the firewall.

If you need to modify it, press i to enter the Inter editing template to redefine the rules.

Press Esc to exit editing, press :wq to save and exit

Step4: Open iptables

Service iptables start

Systemctl enable iptables.service Set the firewall to boot

Service iptables status View status

Iptables common commands

Start: service iptables start

Close: service iptables stop

Restart: service iptables restart

View status: service iptables status

Power on disable: chkconfig iptables off

Power on: chkconfig iptables on

Check if the firewall is booting: chkconfig iptables —list

Intelligent Recommendation

Under centos iptables installation

[[email protected] ~]# yum install iptables -y [[email protected] ~]# yum install iptables-services Check installation [[email protected] ~]# rpm -qa|grep iptables iptables-1.4.21-24.1.el7_5.x86.

Linux: What is the Mandrake 9.0 under the boot setting file / etc / sysconfig?

What is the MANDRAKE 9.0 in setting the file? Which projects with yellow fonts are especially important! clock In setting the time zone of our Linux host, you can use Greenwich time, which is standard.

How to modify the firewall settings when CentOS does not have an iptables file in the /etc/sysconfig/ path

To modify the port number of a program is not blocked by the firewall, many online tutorials are to directly modify the iptables file in the /etc/sysconfig/ path, but I did not find the iptables file .

Linux / etc / sysconfig / iptables configuration file

View firewall open port View firewall status Install iptables Start iptables.

Источник

Как найти конфиг, который использует iptables?

На сайте настроен iptables. Разрешает коннект к порту 3306 только для одного IP. IP сменился, нужно открыть конфиг фаервола и сменить IP.
Гуглю где находится его конфиг, гугль говорит, смотреть в /etc/sysconfig/iptables.old и в /etc/sysconfig/iptables-config.
Ага, думаю я, то что мне нужно, открываю эти конфиги, в них нет записи с нужным IP. Видимо iptables использует кастомный конфиг. Как узнать где он находится?

Выведите список через iptables -L
и удалите старое, добавьте новое

Если я не ошибаюсь, конфиг можно сохранить куда угодно.

In CentOS you have the file /etc/sysconfig/iptables
если его там нет, вы можете его создать, используя iptables-save, чтобы записать текущие правила в файл

iptables-save > /etc/sysconfig/iptables
чтобы загрузить файл, Вам не нужно перезагружать сервер, просто используйте iptables-restore

# iptables -A INPUT -i ens192 -p tcp -s x.x.x.x —dport 3306 -j ACCEPT

так добавить разрешение для подключения определенного IP? какую нибудь еще команду нужно вводить или что нибудь перезагружать?

mr_blond97: на счет этого, к сожалению помочь не могу. По умолчанию — все подключения разрешены. Надо смотреть, какое правило у Вас запрещало подключаться со всех ip, кроме старого и его менять.
ps
Если ответ помог, отметьте решением, пожалуйста.

iptables -S выведет список правил
=========
/etc/sysconfig/iptables-config
Не тот файл вы открываете.
mcedit /etc/sysconfig/iptables
меняете правило и
/etc/init.d/iptables restart

Итак, шаг номер раз:
iptables -L -n —line-numbers
эта команда выведет список всех имеющихся у Вас правил с номерами.

шаг номер 2:
iptables -D INPUT num, где num — номер запрещающего правила.
этой командой мы удаляем запрещающее правило

наг номер 3:
iptables -I INPUT 1 -p tcp -s x.x.x.x —dport 3306 -j ACCEPT
этой командой мы добавляем новое разрешающее правило в цепочку INPUT и ставим его первым. На случай, если у Вас в конце цепочки написано что-то типа -A INPUT -j REJECT —reject-with icmp-host-prohibited

если что-то не получается — пришлите вывод iptables -L -n —line-numbers, бум думать.

Войдите, чтобы написать ответ

Как настроить соответствие между поддоменами и хостами в локальной сети?

Источник