Are you getting the warning ‘iptables: Firewall is not running’? We can help you.
Usually, this happens when iptables.service is not running on the server. This can be due to missing binaries or an improper installation.
At Bobcares, we fix iptables errors in servers, as part of our Server Management Services.
Today, let’s see how our Support Engineers get iptables working again.
Why does iptables show ‘Firewall is not running’?
Iptables is a command-line firewall utility. By specifying rules, we can control the traffic on the server.
But if iptables is no longer running on a server, every firewall operation prints a warning message. The warning message is,
iptables: Firewall is not running
This warning appears when iptables does not start on a server during the boot process. Usually, iptables is configured to start during the boot process.
How do we get iptables running again?
In some cases, restarting the iptables service gets it working again. But we always check why it didn’t start during the boot process and fix the cause, so that the same warning won’t appear again.
Now let’s discuss the steps our Support Engineers take to fix the warning.
1. Ensure the service is set to start on boot
First, we verify that the service is set to start on boot.
For this, we use the chkconfig command. The command usage and its result appear as,
chkconfig iptables --list
iptables 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Then to enable the service on boot, we use the command,
chkconfig iptables on
2. List the iptables module
Next, we load the iptables module. For this, we use the command,
If the service is not running then it gives an empty table like,
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
So, to ensure that the module loads, we use
lsmod | grep tables
If the module does not load, we delete any blacklist lines from the modprobe configuration for iptables modules.
We find the blacklisted line using the below command,
grep -r iptables /etc/modprobe*
/etc/modprobe.d/blacklist.conf:blacklist iptables
/etc/modprobe.d/blacklist.conf:blacklist ip6tables
And we delete those lines.
3. Check if the rules are saved to disk
The iptables rules are usually saved to the configuration file. On RHEL, the iptables config file is /etc/sysconfig/iptables.
First, we verify if the rules are saved in the config file or not. If not, then we save the rules using the command,
service iptables save
This matters because restarting the iptables service reloads the rules from the config file, so any unsaved rules are lost.
4. Verify if the service is running
Firstly, we take a backup of the existing config file.
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp
This is to check whether the rules change after a service restart or system reboot.
Finally, we restart the iptables service to ensure that it loads the rules.
service iptables restart
service iptables status
Once we restart the iptables, we again check the rules. Now the output appears as,
Thus we ensure that the firewall is running.
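The checks from steps 1 to 4 can be gathered into one read-only script. This is an added example, not part of the original procedure: the function names are hypothetical, the paths are the RHEL ones used above, and it assumes the rule listing comes from iptables -L -n.

```shell
#!/bin/sh
# Added example: read-only triage for "iptables: Firewall is not running".
# Function names are hypothetical; paths are the RHEL ones used in the steps above.

# Reads `chkconfig iptables --list` output on stdin. Succeeds only when
# runlevels 3 and 5 are "on" (assumption: those are the runlevels in use).
boot_enabled() {
    awk '$1 == "iptables" { for (i = 2; i <= NF; i++) {
             if ($i == "3:on") r3 = 1
             if ($i == "5:on") r5 = 1 } }
         END { exit !(r3 && r5) }'
}

# Prints active (uncommented) blacklist lines for ip(6)tables modules
# found under the given files or directories.
blacklisted_modules() {
    grep -rEs '^[[:space:]]*blacklist[[:space:]]+ip6?_?table' "$@"
}

# Succeeds when the file is non-empty and holds a complete saved table
# (the iptables-save format ends each table with COMMIT).
rules_saved() {
    [ -s "$1" ] && grep -q '^COMMIT' "$1"
}

# Reads an `iptables -L -n` listing on stdin. Succeeds when it contains
# only chain headers and column headers, i.e. no rules are loaded.
ruleset_is_empty() {
    awk '$1 == "Chain" || $1 == "target" || NF == 0 { next }
         { rules++ }
         END { exit (rules > 0) }'
}

triage() {
    chkconfig iptables --list 2>/dev/null | boot_enabled ||
        echo "WARN: iptables is not enabled for runlevels 3 and 5"
    blacklisted_modules /etc/modprobe* &&
        echo "WARN: the blacklist lines above stop the modules from loading"
    rules_saved /etc/sysconfig/iptables ||
        echo "WARN: no saved ruleset in /etc/sysconfig/iptables"
    iptables -L -n 2>/dev/null | ruleset_is_empty &&
        echo "WARN: no rules loaded; with policy ACCEPT all traffic is allowed"
    return 0
}

# Run against the live system only when asked: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then triage; fi
```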
In short, iptables shows the warning ‘Firewall is not running’ due to missing binaries or an improper installation. Today, we saw how our Support Engineers fixed it.