If you’re running CentOS 6 on a virtual server, you may run into the following problem when you try to restart iptables:
```
# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
iptables: Flushing firewall rules:                         [ OK ]
iptables: Unloading modules:                               [ OK ]
iptables: Applying firewall rules:                         [ OK ]
```
It’s a fairly simple fix. First, open up /etc/init.d/iptables in your favorite text editor, and look for this section of code:
```sh
echo -n $"${IPTABLES}: Setting chains to policy $policy: "
ret=0
for i in $tables; do
    echo -n "$i "
    case "$i" in
        raw)
            $IPTABLES -t raw -P PREROUTING $policy \
                && $IPTABLES -t raw -P OUTPUT $policy \
                || let ret+=1
            ;;
```
After the “case” line, and before the “raw)” line — i.e. between lines 5 and 6, above — add the following:
```sh
        security)
            $IPTABLES -t filter -P INPUT $policy \
                && $IPTABLES -t filter -P OUTPUT $policy \
                && $IPTABLES -t filter -P FORWARD $policy \
                || let ret+=1
            ;;
```
When you’re done, the whole section should look like this:
```sh
echo -n $"${IPTABLES}: Setting chains to policy $policy: "
ret=0
for i in $tables; do
    echo -n "$i "
    case "$i" in
        security)
            $IPTABLES -t filter -P INPUT $policy \
                && $IPTABLES -t filter -P OUTPUT $policy \
                && $IPTABLES -t filter -P FORWARD $policy \
                || let ret+=1
            ;;
        raw)
            $IPTABLES -t raw -P PREROUTING $policy \
                && $IPTABLES -t raw -P OUTPUT $policy \
                || let ret+=1
            ;;
```
Then restart iptables; the security table is now handled and the policy step reports OK:
```
# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[ OK ]filter
iptables: Flushing firewall rules:                         [ OK ]
iptables: Unloading modules:                               [ OK ]
iptables: Applying firewall rules:                         [ OK ]
```
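To see why the unpatched loop fails and the extra branch fixes it without touching a live firewall, here is an added dry-run model of the "Setting chains to policy" loop. It is example code written for this post, not the CentOS init script itself: `$IPTABLES` is replaced by `echo` so every command is printed instead of executed, the table list is read from a constructed file standing in for `/proc/net/ip_tables_names` (where the real script gets `$tables`), and the names `set_policy_dryrun`, `read_tables` and `run_case` are invented here. It also assumes that, unpatched, an unknown table name falls into a catch-all branch that counts one failure (which is consistent with the `[FAILED]` shown for `security` above), and the `nat` and `filter` branches are written from the chains those tables have rather than quoted from the script.

```shell
#!/bin/sh
# Added example, not part of the post or of /etc/init.d/iptables.
# Dry-run model of the set-policy loop: $IPTABLES prints instead of executing,
# so the failing and the fixed behaviour can be compared offline.

IPTABLES="echo iptables"     # constructed stand-in: print, do not execute

# read_tables FILE
#   The init script reads the table list from /proc/net/ip_tables_names;
#   the path is a parameter here so a constructed copy can be used.
read_tables() {
    cat "$1" 2>/dev/null
}

# set_policy_dryrun POLICY HANDLE_SECURITY TABLE...
#   POLICY           ACCEPT or DROP
#   HANDLE_SECURITY  yes -> include the security) branch the post adds
#   Prints one iptables command per line; returns the number of tables
#   that could not be handled (0 means every table received a policy).
set_policy_dryrun() {
    policy=$1; handle_security=$2; shift 2
    ret=0
    for i in "$@"; do
        case "$i" in
            security)
                if [ "$handle_security" = yes ]; then
                    # the branch from the post: policy on the filter chains
                    $IPTABLES -t filter -P INPUT "$policy" \
                        && $IPTABLES -t filter -P OUTPUT "$policy" \
                        && $IPTABLES -t filter -P FORWARD "$policy" \
                        || ret=$((ret + 1))
                else
                    # unpatched: assumed catch-all, unknown table counts as a failure
                    ret=$((ret + 1))
                fi
                ;;
            raw)
                $IPTABLES -t raw -P PREROUTING "$policy" \
                    && $IPTABLES -t raw -P OUTPUT "$policy" \
                    || ret=$((ret + 1))
                ;;
            nat)
                # nat has PREROUTING, POSTROUTING and OUTPUT (not quoted from the script)
                $IPTABLES -t nat -P PREROUTING "$policy" \
                    && $IPTABLES -t nat -P POSTROUTING "$policy" \
                    && $IPTABLES -t nat -P OUTPUT "$policy" \
                    || ret=$((ret + 1))
                ;;
            filter)
                # filter has INPUT, OUTPUT and FORWARD (not quoted from the script)
                $IPTABLES -t filter -P INPUT "$policy" \
                    && $IPTABLES -t filter -P OUTPUT "$policy" \
                    && $IPTABLES -t filter -P FORWARD "$policy" \
                    || ret=$((ret + 1))
                ;;
            *)
                # any other table name: counted as a failure
                ret=$((ret + 1))
                ;;
        esac
    done
    return $ret
}

# run_case LABEL HANDLE_SECURITY: run the loop over $tables and report
run_case() {
    echo "--- $1 ---"
    if set_policy_dryrun ACCEPT "$2" $tables; then
        echo "result: all tables handled -> [ OK ]"
    else
        echo "result: $? table(s) unhandled -> [FAILED]"
    fi
}

# Constructed table list, in the order the failing output above lists it.
TABLES_FILE=$(mktemp)
printf 'security\nraw\nnat\nfilter\n' > "$TABLES_FILE"
tables=$(read_tables "$TABLES_FILE")

run_case "unpatched script" no
run_case "with the security) branch" yes
rm -f "$TABLES_FILE"
```

Running it prints the eleven `iptables -t ... -P ...` commands the patched loop would issue, preceded by the unpatched pass in which `security` alone is left unhandled and drives the return value (and so the `[FAILED]` marker) to 1.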