
How do you start or stop IP Tables?

service iptables status

Unit iptables.service could not be found.



systemctl start iptables

Failed to start iptables.service: Unit iptables.service not found.

I found this file, but there's no indication of a start function:

/usr/sbin/iptables-apply

I ran find / -name "iptables" and got this:

/usr/bin/iptables-xml
/usr/lib/python3/dist-packages/ufw/backend_iptables.py
/usr/lib/python3/dist-packages/ufw/__pycache__/backend_iptables.cpython-36.pyc
/usr/sbin/iptables-apply
/usr/share/bash-completion/completions/iptables
/usr/share/iptables
/usr/share/iptables/iptables-rules
/usr/share/iptables/iptables.xslt
/usr/share/ufw/iptables
/usr/share/doc/iptables
/usr/share/zsh/functions/Completion/Linux/_iptables
/usr/share/man/man8/iptables-extensions.8.gz
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables-apply.8.gz
/usr/share/man/man1/iptables-xml.1.gz
/usr/share/mime/text/x-iptables.xml
/usr/local/share/doc/pgl/examples/iptables-custom-remove.sh
/usr/local/share/doc/pgl/examples/iptables-custom-insert.sh
/usr/local/var/lib/pgl/.pglcmd.iptables.remove.sh
/etc/rsyslog.d/my_iptables.conf
/sbin/iptables-restore
/sbin/iptables
/sbin/iptables-save
/var/log/iptables.log
/var/lib/dpkg/info/iptables.md5sums
/var/lib/dpkg/info/iptables.list

So where exactly does it start?

1 Answer

iptables is part of the kernel / netfilter. It's not a specific service or program that you can 'start' or 'stop'. It's ever-present; the only thing of relevance is what rules are loaded into it at a given time.

That means that the iptables command you call is actually just a front-end that helps with understanding / reading / interpreting / configuring the underlying netfilter rules at the system/kernel level for that boot session. There is no given 'program' you can start or stop to disable iptables - there are commands you can run which do this (such as iptables -F among others), but there's no specific service to start or stop.


In comments, you refer to "other people" saying that it is a service. In many cases, this isn't actually a service per se, it's just a service-executable script which handles loading / unloading iptables rulesets.

There may be other distributions that ship these types of service scripts that manipulate iptables - indeed, I myself have a service script on my computer that has a 'start' and 'stop' call which either loads iptables rules from a file, or correspondingly clears out all rules and sets things back to the system default of 'accept all'. This is, however, not shipped in the Ubuntu repositories, it's a script I wrote (and for 'fragile code' reasons I am not willing to share this at this time).

Ubuntu doesn't provide such service scripts for iptables. You would need to write your own. Or, consider using ufw if you want something simpler to maintain that you can load with system utilities (though, these are also 'scripts' that more or less control whether the ufw-defined rulesets are enabled or not, and you're really supposed to use ufw enable / ufw disable instead of those service scripts).

Thomas Ward
  • 78,878
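A start/stop wrapper of the kind the answer describes, as an added example (not the answer author's script and not something shipped by Ubuntu). The rules file path `/etc/iptables.rules`, the `DRY_RUN` switch and the function names are assumptions made for illustration; the file is expected to be in `iptables-save` format.

```shell
#!/bin/sh
# Added example: minimal start/stop/status wrapper around iptables rules.
# Assumptions: RULES_FILE path and DRY_RUN switch are hypothetical.
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# With DRY_RUN=1, print each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

fw_start() {
    [ -r "$RULES_FILE" ] || { echo "cannot read $RULES_FILE" >&2; return 1; }
    # Parse the ruleset without committing it, so a typo in the file
    # is caught before anything is loaded into the kernel.
    run iptables-restore --test < "$RULES_FILE" || return 1
    run iptables-restore < "$RULES_FILE"
}

fw_stop() {
    # Open the policies first: flushing while a chain policy is DROP
    # would cut off a remote session.
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT || return 1
    done
    for table in filter nat mangle; do
        run iptables -t "$table" -F || return 1   # flush all rules
        run iptables -t "$table" -X || return 1   # delete user-defined chains
    done
}

fw_status() { run iptables -S; }

main() {
    case "$1" in
        start)  fw_start ;;
        stop)   fw_stop ;;
        status) fw_status ;;
        *)      echo "usage: $0 {start|stop|status}" >&2; return 2 ;;
    esac
}

# Dispatch only when an action was given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

IPv6 rules are a separate ruleset managed with `ip6tables` and are not touched by this script.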