[Solved] Debian 12 I can’t enable iptables

[kerogaz]

Code: Select all

systemctl start iptables
systemctl status iptables
● netfilter-persistent.service - netfilter persistent co>
     Loaded: loaded (/lib/systemd/system/netfilter-persi>
    Drop-In: /usr/lib/systemd/system/netfilter-persisten>
             └─iptables.conf
     Active: active (exited) since Thu 2024-03-14 16:47:>
       Docs: man:netfilter-persistent(8)
   Main PID: 456 (code=exited, status=0/SUCCESS)
        CPU: 18ms

Mar 14 16:47:11 debian systemd[1]: Starting netfilter-pe>
Mar 14 16:47:11 debian netfilter-persistent[465]: run-pa>
Mar 14 16:47:12 debian netfilter-persistent[465]: run-pa>
Mar 14 16:47:12 debian systemd[1]: Finished netfilter-pe>
lines 1-13/13 (END)...skipping...
● netfilter-persistent.service - netfilter persistent configuration
     Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; pres>
    Drop-In: /usr/lib/systemd/system/netfilter-persistent.service.d
             └─iptables.conf
     Active: active (exited) since Thu 2024-03-14 16:47:12 EET; 16h ago
       Docs: man:netfilter-persistent(8)
   Main PID: 456 (code=exited, status=0/SUCCESS)
        CPU: 18ms



systemctl enable iptables
Failed to enable unit: Refusing to operate on alias name or linked unit file: iptables.service

[kerogaz]

Perhaps the service has a different name and it enable like this?

Code: Select all

systemctl enable netfilter-persistent.service
Synchronizing state of netfilter-persistent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable netfilter-persistent

[kerogaz]

Wat is netfilter-persistent and what is his relationship with iptables? (netfilter-persistent - load, flush and save netfilter rule sets)

Code: Select all

netfilter-persistent 
Usage: /usr/sbin/netfilter-persistent (start|stop|restart|reload|flush|save)

Code: Select all

netfilter-persistent start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start

Code: Select all

iptables -L -n -v
Chain INPUT (policy ACCEPT 236 packets, 44082 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 81 packets, 5178 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

[kerogaz]

It seems to me that netfilter-persistent is a utility for load, flush and save netfilter rule sets

[kerogaz]

I don't understand anything; what is in debian 12 : iptables, iptables-persistent and netfilter-persistent - it's all installed

Code: Select all

apt install iptables-persistent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
iptables-persistent is already the newest version (1.0.20).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Code: Select all

systemctl start iptables-persistent
Failed to start iptables-persistent.service: Unit iptables-persistent.service not found.
 systemctl start iptables #its starting
systemctl start netfilter-persistent  #its starting

[fabien]

I don't understand anything; what is in debian 12 : iptables, iptables-persistent and netfilter-persistent - it's all installed

Debian does not install these packages by default.
Either you manually installed them or as a dependency of another package, you can find reverse dependencies with e.g.

Code: Select all

$> apt rdepends iptables-persistent netfilter-persistent

To check if these packages are marked as manually installed:

Code: Select all

$> apt-mark showmanual  iptables-persistent netfilter-persistent

[kerogaz]

Code: Select all

apt-mark showmanual  iptables-persistent netfilter-persistent
iptables-persistent

https://reintech.io/blog/configuring-ip ... -debian-12\
"Debian 12 typically comes with IPTables installed by default."
"After configuring your rules, you need to save them to ensure they persist after a reboot. On Debian 12, you can save your IPTables rules with the following command:
sudo netfilter-persistent save
To reload your rules, you can use:
sudo netfilter-persistent reload"
So netfilter-persistent is a utility for working with rules. It remains to find out what iptables-persistent is

[kerogaz]

iptables-persistent (1.0.20)
Debian 12:
iptables-persistent (1.0.20)
iptables-persistent:

[iptables-persistent_1.0.20.dsc]
[iptables-persistent_1.0.20.tar.xz]

gustavo panizzo (


iiptables-persistent is boot-time loader for netfilter rules, iptables plugin

netfilter-persistent is a loader for netfilter configuration using a plugin-based architecture.
https://packages.debian.org/en/sid/iptables-persistent
This package contains the iptables and ip6tables plugins.
It turns out that iptables-persistent contains iptables and netfiltelter-persistent