How to re-enable iptables on Fedora 18?
Looks to me like that is because of a new version of iptables that came out in October. `-m state --state` has been obsoleted in favour of `-m conntrack --ctstate`. Hence, "The state match is obsolete. Use conntrack instead."
http://forums.gentoo.org/viewtopic-t-940302-start-0.html
http://blog.yjl.im/2012/11/iptables-state-match-is-obsolete-use.html
'conntrack' is in my man page (1.4.14, which is not the newest one):
    conntrack
        This module, when combined with connection tracking, allows access to the connection tracking state for this packet/connection.

        [!] --ctstate statelist
            statelist is a comma separated list of the connection states to match. Possible states are listed below.
        [...]
        States for --ctstate:
        INVALID      meaning that the packet is associated with no known connection
        NEW          meaning that the packet has started a new connection, or otherwise associated with a connection which has not seen packets in both directions, and
        ESTABLISHED  meaning that the packet is associated with a connection which has seen packets in both directions,
        RELATED      meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error.
        [...]
Thanks for the heads up on this, BTW.
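The substitution described in the answer above can be applied mechanically to a saved ruleset. This is an added example, not code from the original posts; the function names and the sample ruleset are constructed for illustration, and it assumes the iptables-save layout in which `--state` directly follows `-m state`.

```shell
#!/bin/sh
# Added example: migrate an iptables-save style ruleset from the obsolete
# "state" match to the "conntrack" match. Function names are illustrative.

# Rewrite rules from stdin to stdout. Only rule lines (-A/-I) are touched, so
# table headers, chain policies, COMMIT and # comments pass through unchanged.
# gsub works on the whole line, so spacing inside quoted arguments is kept.
convert_state_match() {
    awk '
    /^-[AI] / {
        gsub(/ (-m|--match) state --state /,   " -m conntrack --ctstate ")
        gsub(/ (-m|--match) state ! --state /, " -m conntrack ! --ctstate ")
    }
    { print }'
}

# Count rule lines that still load the obsolete match (0 after conversion).
count_state_rules() {
    awk '/^-[AI] .* (-m|--match) state / { n++ } END { print n + 0 }'
}

# Constructed sample ruleset, not taken from the question's iptables.conf.
sample_ruleset() {
    cat <<'EOF'
# constructed sample in iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m state ! --state RELATED,ESTABLISHED -j LOG --log-prefix "new  conn: "
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

echo "obsolete state rules before: $(sample_ruleset | count_state_rules)"
sample_ruleset | convert_state_match
echo "obsolete state rules after:  $(sample_ruleset | convert_state_match | count_state_rules)"
```

Before loading a converted file, `iptables-restore --test < file` (as root) parses the ruleset without committing it.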
Updated on September 18, 2022

Comments
Question Overflow over 1 year

FirewallD is the default firewall in Fedora 18. I have been using `iptables` for quite some time and have a custom configuration which I need for logging of ip traffic. I am not used to the new graphical interface which seems to lack many of the functionalities present in the old one, that can be loaded with ease.

I tried to re-enable the old iptables with the following commands:

    # systemctl stop firewalld.service
    # systemctl start iptables.service
    # systemctl start ip6tables.service

The messages log shows:

    systemd 1 Started IPv4 firewall with iptables.
    systemd 1 Started IPv6 firewall with ip6tables.

But from `systemctl -t service -a`, I can see that both remain inactive and dead, despite being loaded.

Nevertheless, I tried loading the custom configuration with `iptables-restore < iptables.conf` but got a series of warnings:

    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.
    WARNING: The state match is obsolete. Use conntrack instead.

What should I do to get iptables back to work?
- Admin over 11 years: The kernel format for firewally things is still iptables, there are convenience wrappers (and GUIs, and ...), those have changed quite a bit (and probably are different among distributions too).
- Question Overflow over 11 years: Thumbs up, that solved the problem. By the way, how do I save it? `/usr/libexec/iptables.init save` does not work anymore.
- goldilocks over 11 years: I just edit iptables.conf directly. If you know how to use the directives, that's all it is. You can also write the current state out with `iptables-save > somefile`, and if that looks good, copy iptables.conf to a separate backup if you want, and replace it with somefile.
- Question Overflow over 11 years: Ah, yes, of course. I forgot about that. Thanks :)