How to know if iptables is running?

General questions about VestaCP
skurudo
VestaCP Team
Posts: 7807
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: How to know if iptables is running?

Postby skurudo » Fri Oct 30, 2015 1:40 pm

iptables is not a standard Linux service, and it's hard to say how long it has been working.
There is no solution yet.
-> DigitalOcean competition - please, support us
-> fix for phpmyadmin - nice and sweet now

jonn
Posts: 72
Joined: Sun Jun 08, 2014 12:18 pm

Re: How to know if iptables is running?

Postby jonn » Fri Nov 13, 2015 1:57 am

Check that iptables is on, as root:

Code:

iptables -L -n


If chains appear, it's on.

drabello
Posts: 4
Joined: Tue May 24, 2016 7:54 am

Re: How to know if iptables is running?

Postby drabello » Tue May 24, 2016 8:02 am

Same problem here, I'm not sure if it's working or not.

Vesta shows:
iptables
firewall
CPU: 0 Memory: 0 mb
Uptime: 0 minutes

Code:

~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
~$ sudo iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-N fail2ban-VESTA
-N fail2ban-ssh
-N vesta
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN


Code:

~$ service iptables start
iptables: unrecognized service


Code:

~$ sudo ufw status
Status: inactive
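
Added example, not part of any post in this thread: iptables has no daemon process, so the check that matters is whether the kernel currently holds a filtering ruleset. The sketch below classifies `iptables -S` output by the INPUT policy and the rules attached to INPUT; the function name `ruleset_state` and the two abbreviated samples (constructed from the listings above) are assumptions of this example.

```sh
#!/bin/sh
# Classify `iptables -S` output read on stdin, looking at the INPUT chain only.
#   filtering = INPUT policy is not ACCEPT, or INPUT holds a DROP/REJECT rule
#   open      = INPUT policy ACCEPT and no DROP/REJECT rule directly in INPUT
#   unknown   = no "-P INPUT" line seen (empty output, e.g. not run as root)
ruleset_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            rules++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT"))
                    blocking++
        }
        END {
            if (policy == "") { print "unknown"; exit }
            state = (policy != "ACCEPT" || blocking > 0) ? "filtering" : "open"
            printf "%s policy=%s input_rules=%d\n", state, policy, rules
        }'
}

# Constructed sample: default policies only, fail2ban chain not referenced.
sample_open() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
EOF
}

# Constructed sample: abbreviated default-deny ruleset.
sample_filtering() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
EOF
}

sample_open | ruleset_state
sample_filtering | ruleset_state
# On a live host, as root:  iptables -S | ruleset_state
```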

skurudo
VestaCP Team
Posts: 7807
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: How to know if iptables is running?

Postby skurudo » Tue May 24, 2016 1:59 pm

drabello wrote: Same problem here, I'm not sure if it's working or not.


Code:

v-restart-service iptables

skurudo
VestaCP Team
Posts: 7807
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: How to know if iptables is running?

Postby skurudo » Tue May 24, 2016 2:00 pm

edica wrote: I do not understand.
In Control Panel Vesta, iptables is always: Uptime: 0 minutes.


iptables is not a Linux service, so we can't say how many hours it has worked.

drabello
Posts: 4
Joined: Tue May 24, 2016 7:54 am

Re: How to know if iptables is running?

Postby drabello » Sun May 29, 2016 2:45 pm

Code:

v-restart-service iptables


Sorry, I did not understand, is it running or not?

Code:

v-restart-service iptables


returned: sudo: v-restart-service: command not found

skamasle
Collaborator
Posts: 384
Joined: Mon Feb 29, 2016 6:36 pm

Re: How to know if iptables is running?

Postby skamasle » Sun May 29, 2016 4:49 pm

In CentOS you can install the iptables-services package, and then you can use service iptables status and service iptables restart / stop / start, etc.

drabello
Posts: 4
Joined: Tue May 24, 2016 7:54 am

Re: How to know if iptables is running?

Postby drabello » Mon May 30, 2016 11:36 am

skamasle wrote: In CentOS you can install the iptables-services package, and then you can use service iptables status and service iptables restart / stop / start, etc.


How about in Ubuntu?

vitich
Posts: 39
Joined: Wed Jan 21, 2015 10:03 am

Re: How to know if iptables is running?

Postby vitich » Mon May 30, 2016 7:37 pm

Please read the comments for the /etc/init.d/iptables-persistent script:
http://serverfault.com/questions/129086 ... -on-ubuntu

pipoy
Posts: 19
Joined: Mon Sep 11, 2017 8:02 am

Re: How to know if iptables is running?

Postby pipoy » Fri Oct 13, 2017 9:38 am

Hi,

I am running on:
CentOS 7
VestaCP 0.9.8-17

I also have 0mb and uptime: 0 minutes for iptables.

I entered service iptables status.
Here is the result:

Code:


[root@domain~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-10-13 00:08:36 +08; 17h ago
 Main PID: 445 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

Oct 13 00:08:35 domain.com systemd[1]: Starting IPv4 firewall with iptabl....
Oct 13 00:08:36 domain.com iptables.init[445]: iptables: Applying firewall...
Oct 13 00:08:36 domain.com systemd[1]: Started IPv4 firewall with iptables.



I'm not sure if this tells me it is active. But once I stopped the service in the interface, I still see the same result when I run the service iptables status command.

When I restart it, I still see 0mb and 0 minutes.

And status still shows the same result. The time did not even change.

Questions:
Is iptables really running?
Is 0mb and 0 min on the interface normal?

Thanks

