How to re-enable iptables on Fedora 18?


Looks to me like that is because of a new version of iptables that came out in October. -m state --state has been obsoleted in favour of -m conntrack --ctstate. Hence, "The state match is obsolete. Use conntrack instead."

http://forums.gentoo.org/viewtopic-t-940302-start-0.html

http://blog.yjl.im/2012/11/iptables-state-match-is-obsolete-use.html

'conntrack' is in my man page (1.4.14, which is not the newest one):

conntrack
    This module, when combined with connection tracking, allows access to the connection tracking state for this packet/connection.

    [!] --ctstate statelist
        statelist is a comma separated list of the connection states to match. Possible states are listed below.

[...]

States for --ctstate:

INVALID meaning that the packet is associated with no known connection

NEW meaning that the packet has started a new connection, or otherwise associated with a connection which has not seen packets in both directions, and

ESTABLISHED meaning that the packet is associated with a connection which has seen packets in both directions,

RELATED meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error.

[...]

Thanks for the heads up on this, BTW.
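
The rewrite described in the answer above, as an added example that is not part of the original post: a shell filter that changes -m state --state to -m conntrack --ctstate in an iptables-save style file. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the obsolete "state" match to "conntrack" in an
# iptables-save style ruleset. Function names and rules are constructed.

# Constructed sample input, in the format iptables-restore reads.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID: "
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state ! --state RELATED,ESTABLISHED -j LOG --log-prefix "FWD new: "
COMMIT
EOF
}

# Rewrite "-m state [!] --state LIST" to "-m conntrack [!] --ctstate LIST".
# Only the match name and its option change; the state list, a negation
# belonging to the state match, and every other match are left untouched.
convert_state_to_conntrack() {
    sed -E 's/-m state( !)? --state /-m conntrack\1 --ctstate /g'
}

# Count lines on stdin that still use the obsolete match (prints 0 if none).
count_obsolete() {
    grep -c -- '-m state ' || true
}

before=$(sample_rules | count_obsolete)
after=$(sample_rules | convert_state_to_conntrack | count_obsolete)
echo "rules using the obsolete state match: before=$before after=$after"
sample_rules | convert_state_to_conntrack
```

On a real system, pass the converted file to iptables-restore --test first, which parses the ruleset without committing it.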


Author by

Question Overflow

I don't have any formal education on programming. I guess it is the passion that gets me started and keeps me going. Thanks everybody for sharing your knowledge. Don't worry, I am no critic. I see no wrong answer, only good and not so good answers. All are welcome to learn and to share.

Updated on September 18, 2022

Comments

  • Question Overflow
    Question Overflow over 1 year

    FirewallD is the default firewall in Fedora 18. I have been using iptables for quite some time and have a custom configuration which I need for logging of ip traffic. I am not used to the new graphical interface which seems to lack many of the functionalities present in the old one, that can be loaded with ease.

    I tried to re-enable the old iptables with the following commands:

    # systemctl stop firewalld.service
    # systemctl start iptables.service
    # systemctl start ip6tables.service
    

    The messages log shows:

    systemd[1]: Started IPv4 firewall with iptables.
    systemd[1]: Started IPv6 firewall with ip6tables.

    But from systemctl -t service -a, I can see that both remain inactive and dead, despite being loaded.

    Nevertheless, I tried loading the custom configuration with

    iptables-restore < iptables.conf
    

    but got a series of warnings:

    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.

    What should I do to get iptables back to work?

    • Admin
      Admin over 11 years
      The kernel format for firewally things is still iptables, there are convenience wrappers (and GUIs, and ...), those have changed quite a bit (and probably are different among distributions too).
  • Question Overflow
    Question Overflow over 11 years
    Thumbs up, that solved the problem. By the way, how do I save it? /usr/libexec/iptables.init save does not work anymore.
  • goldilocks
    goldilocks over 11 years
    I just edit iptables.conf directly. If you know how to use the directives, that's all it is. You can also write the current state out with iptables-save > somefile, and if that looks good, copy iptables.conf to a separate backup if you want, and replace it with somefile.
  • Question Overflow
    Question Overflow over 11 years
    Ah, yes, of course. I forgot about that. Thanks :)