Are you getting the warning ‘iptables: Firewall is not running’? We can help you.

Usually, this happens when iptables.service is not running in the server. This can be due to missing binaries or improper installation.

At Bobcares, we fix iptables errors in servers, as part of our Server Management Services.

Today, let’s see how our Support Engineers make the iptables working again.


Why does the iptables show firewall is not running?

Iptables is a command-line firewall utility. By specifying rules, we can control the traffic on the server.

But, if iptables is no longer running in a server, it shows a warning message as the output of every firewall operation. The warning message is,

iptables: Firewall is not running

This warning appears when the iptables do not start in a server during the boot process. Usually, the iptables will be configured to start during the boot process.


How we make the iptables running again?

In some cases, restarting the iptables service can make it working again. But we always check why it didn’t start during the boot process and fix the reasons for it. So the same warning won’t appear again.

Now let’s discuss the workarounds our Support Engineers do to fix the warning.


1. Ensure the service is set to start on boot

First, we verify that the service is set to start on boot.

For this, we use the chkconfig command. The command usage and its result appears as,

chkconfig iptables --list
iptables 0:off 1:off 2:off 3:on 4:on 5:on 6:off

Then to enable the service on boot, we use the command,

chkconfig iptables on


2. List the iptables module

Next, we load the iptables module. For this, we use the command,

iptables -L

If the service is not running then it gives an empty table like,

Chain INPUT (policy ACCEPT)
target      prot opt source         destination

Chain FORWARD (policy ACCEPT)
target      prot opt source         destination

Chain OUTPUT (policy ACCEPT)
target      prot opt source         destination

So, to ensure that the module loads, we use

lsmod | grep tables

If the module does not load, we delete any blacklist lines from the modprobe configuration for iptables modules.

We find the blacklisted line using the below command,

grep -r iptables /etc/modprobe*
/etc/modprobe.d/blacklist.conf:blacklist iptables
/etc/modprobe.d/blacklist.conf:blacklist ip6tables

And we delete those lines.


3. Check if the rules are saved to disk

The iptables rules are usually saved to the configuration file. For an RHEL, the iptables config file is /etc/sysconfig/iptables.

First, we verify if the rules are saved in the config file or not. If not, then we save the rules using the command,

service iptables save

Because restarting the iptables service removes the unsaved rules from the config file.


4. Verify if the service is running

Firstly, we take a backup of the existing config file.

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bkp

This is to check whether the rules change after a service restart or system reboot.

Finally, we restart the iptables service to ensure that it loads the rules.

service iptables restart
service iptables status

Once we restart the iptables, we again check the rules. Now the output appears as,

iptables firewall is not running.

Thus we ensure that the firewall is running.


[Need more assistance in fixing iptables errors? – We are available 24/7.]



In short, the iptables shows the warning firewall is not running due to missing binary or improper installation. Today, we saw how our Support Engineers fixed it.

Source link


Write A Comment