I'm having an issue with IPtables on a CentOS 5.6 machine which was previously working fine, i'm not entirely sure when this began happening as i only noticed the problem when i came to allow a new IP on a port.
Basically, when i attempt to stop, start or restart i get the following:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle filter [FAILED]
Unloading iptables modules: [ OK ]
For some reason, no matter what i do i can't reconfigure the rules. I've tried going so far as to uninstall IPtables completely (through yum), but even after a system restart it was still only allowing connections to the ports that were open before the problem began, and filtering everything else.
I'm really at my wits end, iptables status shows completely empty chains, but still no joy as far as external connections.
Any ideas would be appreciated. If you'd like me to provide any more information please let me know.
Thanks in advance,
Sam.
EDIT: Contents of /etc/sysconfig/iptables (it's basically empty due to having removed and reinstalled iptables).
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EDIT 2:
If i run /etc/init.d/iptables stop i get:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle filter [FAILED]
Unloading iptables modules: [ OK ]
And the empty rules:
$ iptables -L -n -v
Chain INPUT (policy ACCEPT 81 packets, 6575 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 72 packets, 4133 bytes)
pkts bytes target prot opt in out source destination
But it still blocks and filters the ports.
Similarly, starting results in:
/etc/init.d/iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle filter [FAILED]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
207 54155 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 228 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
2 116 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
2 128 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * -sanitized- 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.0/16 0.0.0.0/0 tcp dpt:22
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
158 25662 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
33 2351 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
But i still can't connect on SSH port 22 (i'm otherwise using a serial console).
Best Answer
This thread had a solution that worked for me: http://forum.linode.com/viewtopic.php?t=6981&postdays=0&postorder=asc&start=0
The solution is to add the following lines to /etc/init.d/iptables