Re: How to know if iptables is running?

Posted: Fri Oct 30, 2015 1:40 pm
by skurudo
iptables is not a standard Linux service, and it's hard to say how long it has been working.
There is no solution yet.

Re: How to know if iptables is running?

Posted: Fri Nov 13, 2015 1:57 am
by jonn
Check iptables is on, as root:

Code:

iptables -L -n
If chains appear, it's on.

Re: How to know if iptables is running?

Posted: Tue May 24, 2016 8:02 am
by drabello
Same problem here, I'm not sure if it's working or not.

Vesta shows:
iptables
firewall
CPU: 0
Memory: 0 mb
Uptime: 0 minutes

Code:

~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
~$ sudo iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-N fail2ban-VESTA
-N fail2ban-ssh
-N vesta
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN

Code:

~$ service iptables start
iptables: unrecognized service

Code:

~$ sudo ufw status
Status: inactive
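
Added example (not part of any post in this thread): iptables rules are held in the kernel rather than by a daemon, so the loaded ruleset is what shows whether filtering is in effect. The function below summarises `iptables -S` output; `summarise_ruleset` and the two sample variables are hypothetical names, and the samples are constructed by shortening the two listings in the post above.

```shell
#!/bin/sh
# Added example: summarise `iptables -S` output read from stdin.
# Verdicts: enforcing = INPUT policy is not ACCEPT
#           partial   = INPUT policy ACCEPT, but INPUT holds rules
#           open      = INPUT policy ACCEPT and no rules in INPUT
#           unknown   = no "-P INPUT" line (empty output, e.g. not root)
summarise_ruleset() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-N"                  { declared[$2] = 1 }
        $1 == "-A" {
            if ($2 == "INPUT") input_rules++
            # Record every jump/goto target so unused chains can be spotted.
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") jumped[$(i + 1)] = 1
        }
        END {
            for (c in declared) if (!(c in jumped)) unhooked++
            if (policy == "")            verdict = "unknown"
            else if (policy != "ACCEPT") verdict = "enforcing"
            else if (input_rules > 0)    verdict = "partial"
            else                         verdict = "open"
            printf "policy=%s input_rules=%d unhooked_chains=%d verdict=%s\n",
                   (policy == "" ? "none" : policy), input_rules, unhooked, verdict
        }'
}

# Constructed samples, shortened from the first and second listings above.
SAMPLE_FIRST='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN'

SAMPLE_SECOND='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-N vesta
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN'

printf '%s\n' "$SAMPLE_FIRST"  | summarise_ruleset
printf '%s\n' "$SAMPLE_SECOND" | summarise_ruleset
# On a live host, as root: iptables -S | summarise_ruleset
```

`unhooked_chains` counts user chains that exist but that no rule jumps to, so a listing can show chains while INPUT still accepts everything.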

Re: How to know if iptables is running?

Posted: Tue May 24, 2016 1:59 pm
by skurudo
drabello wrote: Same problem here, I'm not sure if it's working or not.

Code:

v-restart-service iptables

Re: How to know if iptables is running?

Posted: Tue May 24, 2016 2:00 pm
by skurudo
edica wrote: I do not understand.
In Control Panel Vesta, iptables is always: Uptime: 0 minutes.
iptables is not a Linux service, so we can't say how many hours it has worked.

Re: How to know if iptables is running?

Posted: Sun May 29, 2016 2:45 pm
by drabello

Code:

v-restart-service iptables
Sorry, I did not understand; is it running or not?

Code:

v-restart-service iptables
returned: sudo: v-restart-service: command not found

Re: How to know if iptables is running?

Posted: Sun May 29, 2016 4:49 pm
by skamasle
In CentOS you can install the iptables-services package, and then you can use service iptables status and service iptables restart / stop / start, etc.

Re: How to know if iptables is running?

Posted: Mon May 30, 2016 11:36 am
by drabello
skamasle wrote: In CentOS you can install the iptables-services package, and then you can use service iptables status and service iptables restart / stop / start, etc.
How about in Ubuntu?

Re: How to know if iptables is running?

Posted: Mon May 30, 2016 7:37 pm
by vitich
Please read the comments for the /etc/init.d/iptables-persistent script:
http://serverfault.com/questions/129086 ... -on-ubuntu

Re: How to know if iptables is running?

Posted: Fri Oct 13, 2017 9:38 am
by pipoy
Hi,

I am running on:
Centos 7
vestacp 0.9.8-17

I also have 0mb and uptime: 0 minutes for the iptables.

I ran service iptables status.
Here is the result:

Code:

[root@domain~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-10-13 00:08:36 +08; 17h ago
 Main PID: 445 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

Oct 13 00:08:35 domain.com systemd[1]: Starting IPv4 firewall with iptabl....
Oct 13 00:08:36 domain.com iptables.init[445]: iptables: Applying firewall...
Oct 13 00:08:36 domain.com systemd[1]: Started IPv4 firewall with iptables.

I'm not sure if this says it is active. But once I stopped the service in the interface, I still see the same result when I run the service iptables status command.

When I restart it, I still see 0mb and 0 minutes.

And status still shows the same result. The time did not even change.

Questions:
Is iptables really running?
Is 0mb and 0 min on the interface normal?

Thanks