Cannot start iptables on RHEL 7
Short answer I know, but I had a similar issue and a reboot fixed it. The service was started on boot and then I could stop and start as normal.
Roy Hinkley
Updated on September 18, 2022
Comments
-
Roy Hinkley almost 2 years
I am trying to use iptables on a RHEL7. I have performed the following:
    systemctl mask firewalld
    systemctl stop firewalld
    yum install iptables-services
    systemctl enable iptables
    systemctl start iptables
But the last line errors:
    Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.
    journalctl -u service-name.service
    -- No entries --
and
    journalctl -xe
    Jan 13 12:30:03 localhost.localdomain systemd[1]: Unit iptables.service entered failed state.
    Jan 13 12:30:03 localhost.localdomain systemd[1]: iptables.service failed.
    Jan 13 12:30:03 localhost.localdomain polkitd[10240]: Unregistered Authentication Agent for unix-process:27798:561438909 (system bus name :1.22082, object path /org/freedesktop/P
    lines 1222-1263/1263 (END)
Which only tells me it failed, not the cause, and I don't know what Unregistered Authentication Agent for unix-process means or if it's related. I believe it is because it always follows the iptables error lines. But I don't know what this means, or specifically how to remedy it. Nor which is cause and which is effect.
Additionally:
    sudo iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    sestatus
    SELinux status: enabled
    SELinuxfs mount: /sys/fs/selinux
    SELinux root directory: /etc/selinux
    Loaded policy name: targeted
    Current mode: permissive
    Mode from config file: enforcing
    Policy MLS status: enabled
    Policy deny_unknown status: allowed
    Max kernel policy version: 28
and iptables-restore hangs.

Resolved:
I am not sure exactly what was the real cause, handle locks or whatever, but after a couple of reboots and running iptables-restore, I am now able to get the service started.

How do I get iptables services started?
-
Admin over 7 years
@JacobEvans - No, but I am not using IPv6 either at the moment.
-
Admin over 7 years
Did you try systemctl daemon-reload before systemctl start iptables?
-
Admin over 7 years
@JacobEvans no but I just tried with same results.
-
Roy Hinkley over 7 years
Thanks for the suggestion, but same results.
-
bao7uo over 7 years
Sorry it didn't work
-
Roy Hinkley over 7 years
After a couple more reboots and restore attempts, everything is now working. So, I am accepting this as my answer.