Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
And used the iptables-save > /etc/sysconfig/iptables command to save it. I have two questions:
1- I use Debian and I guess by default it does not have any iptables service. I installed the iptables-persistent package to have the iptables service and want to know whether it reads my iptables rules, and whether all of the above rules must be disabled when I use the sudo systemctl stop iptables.service command. If yes, then this does not happen.
2- When I use the iptables -F command, my network is disconnected. Why?
The default firewall on Debian is netfilter/nftables, not iptables.
See https://wiki.debian.org/nftables
Is there some particular reason you want to use iptables?
Evo2.
Hello,
Thank you so much for your reply.
netfilter/nftables is the next generation of iptables. Do you mean iptables rules don't work? They worked. My questions are why, when I use systemctl stop iptables.service, it does not apply, and why, when I use the iptables -F command, my network is disconnected.
Hello,
I did the above commands and started the nftables service:
Code:
$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor pres>
Active: active (exited) since Wed 2023-06-21 13:56:04 +0330; 54min ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 388 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, st>
Main PID: 388 (code=exited, status=0/SUCCESS)
CPU: 11ms
Warning: some journal files were not opened due to insufficient permissions.
If it is nftables vs. iptables, then why are my iptables rules active:
Just my 2 cents, Reject should be at the last line in: Chain INPUT (policy DROP)
I believe the process is some sort of a water flow, if you put Reject at the top then whatever comes with it will be ignored or rejected.
Quote:
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
But what is the status right now after the iptables is active?
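The first-match ordering described in the post above, together with the fact that `iptables -F` deletes rules but leaves a chain's DROP policy in place, as an added example that is not part of the thread: a small checker for `iptables-save` text. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save text on stdin and
# prints one finding per line. All sample rules below are constructed.
audit_rules() {
  awk '
    # Chain policy line, e.g. ":INPUT DROP [0:0]"
    /^:/ { policy[substr($1, 2)] = $2; next }
    # Appended rule, e.g. "-A INPUT -p tcp --dport 22 -j ACCEPT"
    $1 == "-A" {
      c = $2; n[c]++
      if (c in catchall) {        # first match wins: nothing after it is evaluated
        printf "UNREACHABLE %s rule %d (after catch-all rule %d)\n", c, n[c], catchall[c]
        next
      }
      # No match options at all: "-A CHAIN -j TARGET [target options]"
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP" || $4 == "ACCEPT"))
        catchall[c] = n[c]
      next
    }
    END {
      # iptables -F deletes rules but leaves the chain policy in place
      for (c in policy) if (policy[c] == "DROP")
        printf "FLUSH-DROPS-ALL %s (policy stays DROP after iptables -F)\n", c
    }'
}

reject_first() {   # constructed: catch-all REJECT is rule 1
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

reject_last() {    # constructed: same rules, REJECT moved to the end
  reject_first | awk '/-j REJECT/ { held = $0; next } /^COMMIT/ { print held } { print }'
}

echo "== REJECT first =="; reject_first | audit_rules
echo "== REJECT last ==";  reject_last  | audit_rules
```

On a live host the same function can be fed from `iptables-save` run as root instead of the constructed samples.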
Hello,
Thank you so much for your reply.
Must I remove the iptables package?