IPTables Problem - help wanted

Discussion in 'Linux Networking' started by MustangV10, Jun 14, 2012.

  1. MustangV10

    MustangV10 Guest

    Hi,

    IPTables is giving an error (FAILED) when restarting. I'm not sure why.

    [[email protected] /]# service iptables restart
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
    iptables: Unloading modules: iptable_filter iptable_filter[FAILED]es
    iptables: Applying firewall rules: [ OK ]
    iptables: Loading additional modules: ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt[ OK ]T
    [[email protected] /]#

    Any ideas?



    Thanks.
     
  2. Akendo

    Akendo Guest

    Can you show me what you're trying to load? Also, some VPSes have limits on their allowed iptables rules. lsmod can show us a bit more.

    so far
    Akendo
     
  3. nubbix

    nubbix Guest

    Have you used sslstrip lately? Can you elaborate a bit on what you did prior to this issue?
     
  4. MustangV10

    MustangV10 Guest

    Not too sure what you guys mean. I don't think I've used 'sslstrip', however, I can't say for sure. I don't know when it started happening, I just tried to restart IPTables the other day and got this.

    Here's the result of lsmod if it helps:

    A few things have been changed since I posted this. Now I get this:
    So it's just the iptable_filter that is failing by the looks of it.
     
  5. nubbix

    nubbix Guest

    If you edit /etc/rc.d/init.d/iptables and change:

    modprobe -r $mod > /dev/null 2>&1

    to

    modprobe -r $mod

    you will see which module failed to unload. I would guess it is a connection tracking module which was "busy".

    You can avoid the "FAILED" messages by putting IPTABLES_MODULES_UNLOAD=no into /etc/sysconfig/iptables-config.
     
  6. MustangV10

    MustangV10 Guest

    So I'm guessing I would have to stop all the VPSes with vzctl so they weren't in use to get rid of the errors. However, it's a VPS node so that isn't the answer.
     
  7. nubbix

    nubbix Guest

    Guess not
     
  8. Akendo

    Akendo Guest

    The problem you have is: some open connection is depending on the iptables modules. Meaning (this is what I think, not so sure) there is some open connection that is routed via iptables. Disabling iptables would mean interrupting this connection.

    I'm sure the kernel does not want this. But you could unload the module by hand with modprobe -r.
    But be careful about this!

    so far
    Akendo
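
Added example, not part of any post in this thread: a shell check for the "busy" module explanation given above. It reads lsmod-format text and lists the netfilter modules whose use count is non-zero, which are the ones `modprobe -r` refuses to remove; the function names and the sample lsmod text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show which netfilter modules are "busy".
# lsmod columns: name, size, use count, comma-separated list of dependent modules.
# modprobe -r fails for any module whose use count is not zero.

# Reads lsmod-format text on stdin; prints "module count users" per busy module.
busy_netfilter_modules() {
    awk '
        NR == 1 && $1 == "Module" { next }      # skip the header line
        $1 ~ /^(ip_|ipt_|iptable_|nf_|xt_|x_tables)/ && $3 > 0 {
            # "-" means the count is held by something other than a module
            users = ($4 == "" ? "-" : $4)
            print $1, $3, users
        }
    '
}

# Constructed sample in lsmod format (sizes and counts are made up).
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
iptable_filter          2793  4
iptable_mangle          3349  0
iptable_nat             6158  0
ip_nat_ftp              3507  0
ip_conntrack           53281  2 iptable_nat,ip_nat_ftp
ip_tables              17831  3 iptable_filter,iptable_mangle,iptable_nat
ext3                  240013  1
EOF
}

# Run against the live system with --live, otherwise against the sample.
if [ "${1:-}" = "--live" ]; then
    lsmod | busy_netfilter_modules
else
    sample_lsmod | busy_netfilter_modules
fi
```

A module listed with users must wait until those modules are unloaded first; a module listed with "-" is pinned by a reference that lsmod does not name.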
     
