How to know if iptables is running?

Post by **skurudo** » Fri Oct 30, 2015 1:40 pm

iptables not a standrt linux servce and hard to say, how much time it's works.
There is no solution yet.

jonn · Post by **jonn** » Fri Nov 13, 2015 1:57 am

check iptables is on root

iptables -L -n

if chains appear its on.

drabello · Post by **drabello** » Tue May 24, 2016 8:02 am

Same problem here, I'm not sure if it's working or not.

Vesta shows:
iptables
firewall
CPU: 0Memory: 0 mb
Uptime: 0 minutes

Code: Select all

-$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
~$ sudo iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-N fail2ban-VESTA
-N fail2ban-ssh
-N vesta
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN

Code: Select all

~$ service iptables start
iptables: unrecognized service

Code: Select all

~$ sudo ufw status
Status: inactive

Post by **skurudo** » Tue May 24, 2016 1:59 pm

drabello wrote:Same problem here, I'm not sure if it's working or not.

Code: Select all

v-restart-service iptables

Post by **skurudo** » Tue May 24, 2016 2:00 pm

edica wrote:I do not understand.
In Control Panel Vesta, iptables is always: Uptime: 0 minutes.

iptables it's not linux service, so we can't say how much hours it worked.

drabello · Post by **drabello** » Sun May 29, 2016 2:45 pm

Code: Select all
v-restart-service iptables

Sry, I did not understand, is it running or not?

Code: Select all

v-restart-service iptables

returned: sudo: v-restart-service: command not found

Post by **skamasle** » Sun May 29, 2016 4:49 pm

In centos you can install iptables-services package and then you can use service iptables status and service iptables restart / stop / start etc

drabello · Post by **drabello** » Mon May 30, 2016 11:36 am

skamasle wrote:In centos you can install iptables-services package and then you can use service iptables status and service iptables restart / stop / start etc

How about in Ubuntu?

vitich · Post by **vitich** » Mon May 30, 2016 7:37 pm

Please read comments for /etc/init.d/iptables-persistent script
http://serverfault.com/questions/129086 ... -on-ubuntu

pipoy · Post by **pipoy** » Fri Oct 13, 2017 9:38 am

Hi,

I am running on:
Centos 7
vestacp 0.9.8-17

I also have 0mb and uptime: 0 minutes for the iptables.

I put service iptables status
Here is the result

Code: Select all


[root@domain~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor pre                                                                                                                                          set: disabled)
   Active: active (exited) since Fri 2017-10-13 00:08:36 +08; 17h ago
 Main PID: 445 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

Oct 13 00:08:35 domain.com systemd[1]: Starting IPv4 firewall with iptabl....
Oct 13 00:08:36 domain.com iptables.init[445]: iptables: Applying firewall...
Oct 13 00:08:36 domain.com systemd[1]: Started IPv4 firewall with iptables.

Im not sure if this tells active. But once I stooped the service in the interface, I still see same result when I hit service iptables status command.

When I restart it, I still see 0mb and 0 minutes.

And status still shows the same result. the time did not even change.

Questions:
Is iptables really running?
Is 0mb and 0 min on the interface normal?

Thanks

Vesta Control Panel - Forum

How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Re: How to know if iptables is running?

Login • Register