
When I run `service iptables status` on my Linux Red Hat 6.8 machine,

I get the rules table (but not whether iptables is running or not).

Does the following show that iptables is running?

 # service iptables status
 Table: filter
 Chain INPUT (policy ACCEPT)
 num  target     prot opt source               destination
 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

 Chain FORWARD (policy ACCEPT)
 num  target     prot opt source               destination
 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

 Chain OUTPUT (policy ACCEPT)
 num  target     prot opt source               destination

Iptables is enabled on boot:

 # chkconfig --list iptables
 iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
Burgi
King David

3 Answers

There is no such thing as "iptables is running": there is no dedicated firewall process to monitor.

If the kernel modules are loaded and rules are defined (both of which are proven by showing a valid rules table), the filtering is active. It is done in-kernel on events (packet receive/send) and not in a separate process.

So: yes, if the rules shown are what you want, then your firewall is up.

Eugen Rieck

  • Not always true. Under CentOS 7 you have `firewalld` installed by default, and you can check its status by running `systemctl status firewalld`. Also, a package called `iptables-services` can be installed and if started (service name: `iptables`), you can check if it's running or not. – nKn Sep 14 '16 at 16:07
  • @nKn - the question was: how to verify if **iptables** is running. firewalld does NOT replace iptables, it's just used to configure it. A dead firewalld with active iptables rules means that the firewall is UP, not DOWN. – Eugen Rieck Sep 14 '16 at 16:11
  • Exactly, and I said it **can** be checked by installing the `iptables-services` package and checking `systemctl status iptables`, which will tell you if `iptables` is running or not. – nKn Sep 14 '16 at 16:14
  • And again, again, again: There is no such thing as "iptables is running". – Eugen Rieck Sep 15 '16 at 08:07
  • @nKn Thanks bro. `firewalld` was my issue! –  Feb 28 '18 at 10:20
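To make the accepted answer's point something you can actually test on a box, here is an added shell example (not from the answer, the question, or Red Hat's `iptables` initscript). It encodes the two pieces of evidence the answer names: whether the kernel has registered any iptables tables (Linux exposes the list in `/proc/net/ip_tables_names`, which is empty or absent when the `ip_tables` module is not loaded), and whether the loaded rule set would actually filter anything (a table whose chains are all empty with policy ACCEPT is "loaded" but filters nothing, which is what `service iptables stop` leaves behind). The rule listings are constructed samples in `iptables -S` syntax; the `-i lo` match on the third INPUT rule is assumed, since the question's non-verbose listing does not show interfaces.

```shell
#!/bin/sh
# Added example: decide whether netfilter filtering is in force from the
# evidence a practitioner can inspect, since there is no "iptables" process.
#
# Check 1: /proc/net/ip_tables_names lists the tables the kernel has
#          registered. Empty or absent => ip_tables is not loaded.
# Check 2: the rule set itself. Rules are only in force if some chain has a
#          non-ACCEPT policy or at least one rule.

# rules_in_force reads `iptables -S`-style output on stdin and returns 0
# (true) when the rule set filters anything, else 1.
rules_in_force() {
    # -P lines carry chain policies, -A lines carry rules; -N lines only
    # declare user chains and are neither.
    awk '
        $1 == "-P" && $3 != "ACCEPT" { found = 1 }
        $1 == "-A"                  { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# kernel_tables_loaded returns 0 when the kernel has registered at least one
# iptables table. The path argument is for testing against a sample file.
kernel_tables_loaded() {
    proc="${1:-/proc/net/ip_tables_names}"
    [ -s "$proc" ]
}

# firewall_status prints a verdict and returns 0 only when filtering is
# active. Usage: `iptables -S | firewall_status` (needs root to read tables).
firewall_status() {
    if ! kernel_tables_loaded "$@"; then
        echo "no iptables tables registered in the kernel: not filtering"
        return 1
    fi
    if rules_in_force; then
        echo "rules loaded: filtering is active"
        return 0
    fi
    echo "tables loaded but every chain is empty with policy ACCEPT: not filtering"
    return 1
}

# Constructed sample: the question's rule set as `iptables -S` prints it.
# The `-i lo` match is assumed (not visible in the question's listing).
SAMPLE_ACTIVE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: a flushed filter table, as left after `service
# iptables stop` (module may still be loaded, but nothing is filtered).
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Stand-alone demo against the constructed samples.
printf '%s\n' "$SAMPLE_ACTIVE" | rules_in_force && echo "question's rule set: filtering active"
printf '%s\n' "$SAMPLE_EMPTY"  | rules_in_force || echo "flushed rule set: nothing is filtered"
```

The point of the second check is the one the comment thread circles around: `systemctl status iptables` or `firewalld` only tells you whether a configuration loader ran, not whether the kernel is dropping packets. Reading the tables back (and noticing an all-ACCEPT, rule-less table) is what answers the actual question.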

This way we can only know if it's not running:

 [root@vm1 ~]# service iptables status
 iptables: Firewall is not running.

If running, it prints the rules table as shown to you.

programmer

On Ubuntu 20.04, I used `service iptables status`, which showed the following:

~$ service iptables status
● iptables.service - netfilter persistent configuration
     Loaded: loaded (/etc/alternatives/iptables.service; enabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:netfilter-persistent(8)

~$ service iptables restart
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'iptables.service'.
Authenticating as: <user id>
Password:
==== AUTHENTICATION COMPLETE ===

~$ service iptables status
● iptables.service - netfilter persistent configuration
     Loaded: loaded (/etc/alternatives/iptables.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sun 2021-01-31 08:25:23 EST; 11s ago
       Docs: man:netfilter-persistent(8)
    Process: 140486 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
   Main PID: 140486 (code=exited, status=0/SUCCESS)