Some questions about the iptables
Hello,
I wrote the following iptables rules:
Code:
$ sudo iptables -L
1- I use Debian and I guess by default it does not have any iptables service. I installed the iptables-persistent package to have the iptables service and want to know whether it reads my iptables rules, and, when I use the sudo systemctl stop iptables.service command, must all of the above rules be disabled? If yes, then this does not happen.
2- When I use the iptables -F command, my network is disconnected. Why?
Code:
$ sudo iptables -F
Hi,
The default firewall on Debian is netfilter/nftables, not iptables. See https://wiki.debian.org/nftables
Is there some particular reason you want to use iptables?
Evo2.
Quote:
Thank you so much for your reply. netfilter/nftables is the next generation of iptables. Do you mean iptables rules don't work? It worked. My questions are: why, when I use systemctl stop iptables.service, does it not apply, and why, when I use the iptables -F command, is my network disconnected?
The rules are flushed but the policy remains as drop. Without any rules to accept traffic nothing gets through.
Quote:
Thank you for your reply. What should I do?
Change the default policy
https://wiki.debian.org/iptables
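The two replies above point out that `iptables -F` removes the rules but leaves a DROP policy in place. As an added example (not code from the thread), the script below reads `iptables -S` output and prints the command order for a flush that does not cut the connection; the sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. `iptables -F` deletes rules but leaves
# each built-in chain's policy (-P) in place, so a DROP policy with no rules
# drops every packet.

# Constructed sample in `iptables -S` format (not the poster's ruleset).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# stdin: `iptables -S` output. stdout: built-in chains whose policy is DROP,
# i.e. the chains that block all traffic once their rules are flushed.
chains_blocking_after_flush() {
    awk '$1 == "-P" && $3 == "DROP" { print $2 }'
}

# stdin: `iptables -S` output. stdout: commands, in order, for a flush that
# keeps the host reachable: policies to ACCEPT first, then remove the rules.
# The host is unfiltered afterwards until a ruleset is loaded again.
safe_flush_plan() {
    chains_blocking_after_flush | while read -r chain; do
        printf 'iptables -P %s ACCEPT\n' "$chain"
    done
    printf 'iptables -F\n'
}

# Print the plan for the sample. On a real host, as root:
#   iptables -S | safe_flush_plan
printf '%s\n' "$SAMPLE_RULES" | safe_flush_plan
```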
Quote:
Thank you so much for your reply. So, I must:
Code:
# update-alternatives --set iptables /usr/sbin/iptables-nft
Code:
# nano /etc/network/if-pre-up.d/iptables
Code:
#!/bin/sh
Code:
# chmod +x /etc/network/if-pre-up.d/iptables
Hello,
I did the above commands and started the nftables service:
Code:
$ systemctl status nftables.service
Code:
$ sudo iptables -L
Just my 2 cents, Reject should be at the last line in: Chain INPUT (policy DROP)
I believe the process is some sort of a water flow; if you put Reject at the top then whatever comes with it will be ignored or rejected.
Quote:
Thank you so much for your reply. Must I remove the iptables package? Please take a look at my nftables rules:
Code:
$ sudo nft list ruleset