Fixing an IPTables Startup Error on CentOS 6

If you’re running CentOS 6 on a virtual server, you may run into the following problem when you try to restart iptables:

# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter 
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

It’s a fairly simple fix. First, open up /etc/init.d/iptables in your favorite text editor, and look for this section of code:

    echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;

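After the “case” line and before the “raw)” line (i.e. between lines 5 and 6 of the snippet above), add the following stanza. It gives the script a “security” case to match; note that the commands in it set the default policy on the filter table’s INPUT, OUTPUT and FORWARD chains, not on a security table: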

            security)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;

When you’re done, the whole section should look like this:

    echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
            security)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;

Then restart iptables. The “Setting chains to policy” step should now report OK:

# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[  OK  ]filter 
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
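
To check the edit without restarting the firewall, the following added example (not from the original post or from the CentOS init script) lists the tables that have no arm in the script's case "$i" block. The function names are hypothetical, and the sample excerpts are constructed from the snippets above and closed with esac.

```shell
#!/bin/sh
# unhandled_tables SCRIPT TABLE...
# Print each TABLE that has no "name)" arm in SCRIPT's case "$i" block.
unhandled_tables() {
    script=$1; shift
    # Collect arm labels between 'case "$i" in' and 'esac'; "*)" is ignored.
    arms=$(awk '
        /case "\$i" in/          { inblock = 1; next }
        inblock && /^[ \t]*esac/ { inblock = 0 }
        inblock && /^[ \t]*[a-z]+\)[ \t]*$/ { gsub(/[ \t)]/, ""); print }
    ' "$script")
    missing=""
    for t in "$@"; do
        printf '%s\n' "$arms" | grep -qx -- "$t" || missing="$missing $t"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the page's excerpt, closed with esac.
# "sample after" includes the added security arm, "sample before" does not.
sample() {
    echo '        case "$i" in'
    if [ "$1" = after ]; then cat <<'EOF'
            security)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;
EOF
    fi
    cat <<'EOF'
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
        esac
EOF
}

# check before|after TABLE... : run the checker against a sample.
check() {
    f=$(mktemp); sample "$1" > "$f"; shift
    unhandled_tables "$f" "$@"; rm -f "$f"
}

echo "before edit, unhandled: $(check before security raw)"
echo "after edit,  unhandled: $(check after security raw)"
```

On a real system, pass /etc/init.d/iptables as the script and the table names printed in the restart output as the remaining arguments.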
