frisbone
Posts: 21
Joined: Sun Mar 10, 2013 9:41 pm

How to disable iptables?

Fri Feb 06, 2015 4:39 pm

Anyone know how to disable the firewall (iptables) on raspbian?

Using lsmod I know its in my kernal but it doesn't show up as a service and I can't seem to use chkconfig.

I want to rule out that it is interfering with something else but I don't know how to shut it off. Please advise.

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: How to disable iptables?

Fri Feb 06, 2015 4:41 pm

I didn't know that (current versions of) Raspbian have a firewall (installed by default). I've never had that problem with Raspbian.

Pidora does (last time I checked) - and I figured out how to kill off the various daemons to clip its wings.
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

User avatar
DougieLawson
Posts: 40224
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to disable iptables?

Fri Feb 06, 2015 5:08 pm

There is no firewall by default. That's why I like to recommend ufw as an easy to use firewall configuration tool.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

frisbone
Posts: 21
Joined: Sun Mar 10, 2013 9:41 pm

Re: How to disable iptables?

Fri Feb 06, 2015 5:11 pm

Hmm, so when I type "iptables -L" and it returns something and I do lsmod and I see it, it doesn't mean its installed? Anyway to know for certain?

User avatar
DougieLawson
Posts: 40224
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to disable iptables?

Fri Feb 06, 2015 5:27 pm

Post the output.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

User avatar
rpdom
Posts: 17729
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to disable iptables?

Fri Feb 06, 2015 5:28 pm

iptables is built into the kernel. The default settings are to do nothing.

Code: Select all

root@raspi3:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

frisbone
Posts: 21
Joined: Sun Mar 10, 2013 9:41 pm

Re: How to disable iptables?

Fri Feb 06, 2015 5:34 pm

This is what I get:

Code: Select all

pi@raspbmc:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/24       anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    


I suppose it looks like it shouldn't be blocking anything but that isn't quite the same as being disabled. Can it be turned off?

User avatar
DougieLawson
Posts: 40224
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to disable iptables?

Fri Feb 06, 2015 9:59 pm

What function creates those rules? What distro are you running?

My Raspbian Wheezy gets the same as rpdom, with no rules defined.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

frisbone
Posts: 21
Joined: Sun Mar 10, 2013 9:41 pm

Re: How to disable iptables?

Fri Feb 06, 2015 10:24 pm

Hard to say what the source is as it was part of RaspBmc - I've been assuming its been built on top of Raspbian but this is what uname gives me:

Code: Select all

pi@raspbmc:~$ uname -a
Linux raspbmc 3.12.21 #2 PREEMPT Wed Jun 11 04:53:06 UTC 2014 armv6l GNU/Linux
Turns out I was able to solve my problem without turning off iptables but it sure would be nice to know how you disable it.

User avatar
DougieLawson
Posts: 40224
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to disable iptables?

Fri Feb 06, 2015 10:34 pm

RaspBMC != Raspbian

There must be something in that dead media centre that is building the iptables. Try asking on the RaspBMC forum if is still open for new members.

Or switch to OpenELEC and enjoy running a supported version of Kodi.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

SeeGreatness
Posts: 12
Joined: Mon Feb 20, 2017 11:28 pm

Re: How to disable iptables?

Thu Feb 23, 2017 12:59 am

Why are we not giving out our answeres? I need help and pepole from the future will need it too

texy
Forum Moderator
Forum Moderator
Posts: 5160
Joined: Sat Mar 03, 2012 10:59 am
Location: Berkshire, England

Re: How to disable iptables?

Thu Feb 23, 2017 8:14 am

SeeGreatness wrote:Why are we not giving out our answeres? I need help and pepole from the future will need it too
Hi,
if you have a problem with iptables then please give as much information as possible in order for others to help you, if they can. If people can't help then they don't reply.....

Texy
Various male/female 40- and 26-way GPIO header for sale here ( IDEAL FOR YOUR PiZero ):
https://www.raspberrypi.org/forums/viewtopic.php?f=93&t=147682#p971555

nischaya
Posts: 2
Joined: Mon Apr 30, 2018 1:55 pm

Re: How to disable iptables?

Sat May 26, 2018 2:53 am

To see if it is actually enabled type in a console:

Code: Select all

sudo iptables -L -nv
if the output is like this, then your firewall is already disabled:

Code: Select all

root@debian:~# sudo iptables -L -nv 
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
To make sure it is off get root and run:

Code: Select all

echo 0 > /proc/sys/net/ipv4/ip_forward

nikoff90
Posts: 21
Joined: Wed Sep 25, 2013 12:43 am

Re: How to disable iptables?

Sat May 26, 2018 2:00 pm

Flush All Chains
To flush all chains, which will delete all of the firewall rules, you may use the -F, or the equivalent --flush, option by itself:

Code: Select all

sudo iptables -F

sudo iptables-save > /etc/iptables.conf
If that is where your rules are saved on that build you might do well to look. If you dont save it will revert back at reboot Generally some sort of firewall is a good thing. Arch has a good section on iptables and basic rules.

https://wiki.archlinux.org/index.php/si ... l_firewall

foss.prime
Posts: 3
Joined: Mon Jan 21, 2019 2:23 pm

Re: How to disable iptables?

Mon Jan 21, 2019 10:09 pm

I got here because the Pi could connect to most of the local network, but not VPN users or other subnets.

The issue was that the subnet mask was wrong, it defaults to /8 in the gui, which meant it would only talk to the gateway if the destination IP is outside of /8, instead of /24 which is far more typical. Ping'ing and Netcat all appeared as if there was a firewall issue, at the end of the day it was an atypical routing misconfiguration, the subnet was too wide.

Return to “Raspberry Pi OS”